Top Feedback Summary for April 7

Feedback	On this list for	Addressed on
Add an option to hide the Bing search bar on the new tab page (Learn more)	32 weeks	Mar 31, 2020
Allow the search bar in the new tab page to be configured with other search providers (Learn more)	32 weeks	Mar 31, 2020
Provide an option to set a custom URL for a new tab instead of showing the new tab page (Learn more)	32 weeks	Mar 31, 2020
Enable sync of installed browser extensions between devices	19 weeks	Mar 19. 2020
Some users are unable to access any web page	3 weeks	Mar 11, 2020
Favorites sync issues, including sync not working, deleted favorites reappearing, and favorites being duplicated	13 weeks	Mar 4, 2020
Provide an option to add a share button to the tool bar	17 weeks	Feb 26, 2020
Need for better handling of links when there is more than one profile	26 weeks	Feb 21, 2020
Touchpad two-finger scrolling is sometimes triggering a right click instead	24 weeks	Feb 21, 2020
Add the ability to change the location for news content on the new tab page	20 weeks	Jan 22, 2020
Provide the ability to change the title of tiles on the new tab page	22 weeks	Jan 22, 2020
Enable search in the extensions store	17 weeks	Dec 19, 2019
The taskbar icon is not updating to the new Microsoft Edge logo	1 week	Nov 14, 2019
A round of improvements to scrolling experience, with more (including performance) to come down the line	12 weeks	Nov 14, 2019
YouTube.com does not render properly and appears extremely magnified	1 week	Nov 4, 2019
Bring the OneNote Web Clipper to the Microsoft Edge extensions store	4 weeks	Nov 4, 2019
Improve discoverability of the home button since some users are asking for it. (Join the discussion)	8 weeks	October 29, 2019
Microsoft Edge is crashing whenever a new tab is opened from a link	1 week	October 22, 2019
Inking for PDF files	9 weeks	October 22, 2019
Provide an option to remove the send feedback “smiley” button from the toolbar	1 week	October 15, 2019
Show the New Tab Page in dark theme when the browser is in dark theme	6 weeks	October 1, 2019
Add the ability to turn off the news feed on the new tab page	6 weeks	October 1, 2019
ClickOnce deployment of Windows applications from web pages	6 weeks	October 1, 2019
Website elements are being flipped upside down when switching between tabs	1 week	September 17, 2019
Sign-in profile picture is not always kept up to date	4 weeks	September 17, 2019
“Administrator Mode Detected” error message when opening the browser	2 weeks	September 4, 2019
Add a favorites button to the toolbar, for quicker access to favorites	1 week	August 29, 2019
Make it easier to share web content with other users and apps	1 week	August 29, 2019
Drop down menus in some web pages are not working	1 week	August 29, 2019
Add a dark theme to Microsoft Edge	Addressed before these posts started
Build translation capabilities into the browser	Addressed before these posts started
Delete browsing history on exit	Addressed before these posts started
Show favorites bar only on the new tab page	Addressed before these posts started
Bring back reading view	Addressed before these posts started
Sync data with my work or school account	Addressed before these posts started

Feedback On this list for Addressed on Add an option to hide the Bing search bar on the new tab page (Learn more) 32 weeks Mar 31, 2020 Allow the search bar in the new tab page to be configured with other search providers (Learn more) 32 weeks Mar 31, 2020 Provide an option to set a custom URL for a new tab instead of showing the new tab page (Learn more) 32 weeks Mar 31, 2020 Enable sync of installed browser extensions between devices 19 weeks Mar 19. 2020 Some users are unable to access any web page 3 weeks Mar 11, 2020 Favorites sync issues, including sync not working, deleted favorites reappearing, and favorites being duplicated 13 weeks Mar 4, 2020 Provide an option to add a share button to the tool bar 17 weeks Feb 26, 2020 Need for better handling of links when there is more than one profile 26 weeks Feb 21, 2020 Touchpad two-finger scrolling is sometimes triggering a right click instead 24 weeks Feb 21, 2020 Add the ability to change the location for news content on the new tab page 20 weeks Jan 22, 2020 Provide the ability to change the title of tiles on the new tab page 22 weeks Jan 22, 2020 Enable search in the extensions store 17 weeks Dec 19, 2019 The taskbar icon is not updating to the new Microsoft Edge logo 1 week Nov 14, 2019 A round of improvements to scrolling experience, with more (including performance) to come down the line 12 weeks Nov 14, 2019 YouTube.com does not render properly and appears extremely magnified 1 week Nov 4, 2019 Bring the OneNote Web Clipper to the Microsoft Edge extensions store 4 weeks Nov 4, 2019 Improve discoverability of the home button since some users are asking for it. (Join the discussion) 8 weeks October 29, 2019 Microsoft Edge is crashing whenever a new tab is opened from a link 1 week October 22, 2019 Inking for PDF files 9 weeks October 22, 2019 Provide an option to remove the send feedback “smiley” button from the toolbar 1 week October 15, 2019 Show the New Tab Page in dark theme when the browser is in dark theme 6 weeks October 1, 2019 Add the ability to turn off the news feed on the new tab page 6 weeks October 1, 2019 ClickOnce deployment of Windows applications from web pages 6 weeks October 1, 2019 Website elements are being flipped upside down when switching between tabs 1 week September 17, 2019 Sign-in profile picture is not always kept up to date 4 weeks September 17, 2019 “Administrator Mode Detected” error message when opening the browser 2 weeks September 4, 2019 Add a favorites button to the toolbar, for quicker access to favorites 1 week August 29, 2019 Make it easier to share web content with other users and apps 1 week August 29, 2019 Drop down menus in some web pages are not working 1 week August 29, 2019 Add a dark theme to Microsoft Edge Addressed before these posts started Build translation capabilities into the browser Addressed before these posts started Delete browsing history on exit Addressed before these posts started Show favorites bar only on the new tab page Addressed before these posts started Bring back reading view Addressed before these posts started Sync data with my work or school account Addressed before these posts started

Reza_Ameri-Archived · ‎Apr 12 2020

Let me clarify a bit, when loading photos locally inside Windows like for example consider Lock Screen in Windows 10, if you remember at some point you weren't able to upload image locally because some malicious code embed into image and when user add them, they would damage system and once Windows team assure of its security and make sure image couldn't harm system, they made that option available.

Same process here, we are upload them locally and technically speaking it is about retrieving image source locally and if there are malicious code inside image , then it might execute exploit and leads to 0-days. Take note we are talking about local upload or address like we do for Windows background and lock screen today. But this also would required certain validations and checking locally and I post this as reminder for Microsoft Edge team to take these into consideration , I am referencing to old 0-days when opening picture could cause execution of exploit or malware.

HotCakeX · ‎Apr 12 2020

@Reza_Ameri-Archived wrote:
@HotCakeX

Let me clarify a bit, when loading photos locally inside Windows like for example consider Lock Screen in Windows 10, if you remember at some point you weren't able to upload image locally because some malicious code embed into image and when user add them, they would damage system and once Windows team assure of its security and make sure image couldn't harm system, they made that option available.

Same process here, we are upload them locally and technically speaking it is about retrieving image source locally and if there are malicious code inside image , then it might execute exploit and leads to 0-days. Take note we are talking about local upload or address like we do for Windows background and lock screen today. But this also would required certain validations and checking locally and I post this as reminder for Microsoft Edge team to take these into consideration , I am referencing to old 0-days when opening picture could cause execution of exploit or malware.

wrote: Let me clarify a bit, when loading photos locally inside Windows like for example consider Lock Screen in Windows 10, if you remember at some point you weren't able to upload image locally because some malicious code embed into image and when user add them, they would damage system and once Windows team assure of its security and make sure image couldn't harm system, they made that option available. Same process here, we are upload them locally and technically speaking it is about retrieving image source locally and if there are malicious code inside image , then it might execute exploit and leads to 0-days. Take note we are talking about local upload or address like we do for Windows background and lock screen today. But this also would required certain validations and checking locally and I post this as reminder for Microsoft Edge team to take these into consideration , I am referencing to old 0-days when opening picture could cause execution of exploit or malware.

I know All of them, they are not related.

if a user has a picture that contains malware then the Antivirus should detect it, not Edge.

Wade_Middleton · ‎Apr 12 2020

@MissyQ Why is the S still not capitalised in the ‘search the web for …’ context menu entry when the browser language is set to English UK? I would like to see this fixed.

Screenshot

Reza_Ameri-Archived · ‎Apr 13 2020

There is concept known as defense in depth , meaning there would be multiple layer of protection and Anti-Malware is only one layer of protection. My example discuss about pro-active protection techniques which are built into the upload code with certain validation and these are techniques for validating input files and there has been similar cases in past and I am adding this reminder and concentrate on source code for validating uploads file which would reduce risks.

For example, IIS able to defend most web-based attacks but Microsoft Edge still has some defensive techniques like Anti-XSS, just to add another defense layer and make it harder to cybercriminals and hackers.

HotCakeX · ‎Apr 13 2020

@Reza_Ameri-Archived wrote:
@HotCakeX

There is concept known as defense in depth , meaning there would be multiple layer of protection and Anti-Malware is only one layer of protection. My example discuss about pro-active protection techniques which are built into the upload code with certain validation and these are techniques for validating input files and there has been similar cases in past and I am adding this reminder and concentrate on source code for validating uploads file which would reduce risks.

For example, IIS able to defend most web-based attacks but Microsoft Edge still has some defensive techniques like Anti-XSS, just to add another defense layer and make it harder to cybercriminals and hackers.

wrote: There is concept known as defense in depth , meaning there would be multiple layer of protection and Anti-Malware is only one layer of protection. My example discuss about pro-active protection techniques which are built into the upload code with certain validation and these are techniques for validating input files and there has been similar cases in past and I am adding this reminder and concentrate on source code for validating uploads file which would reduce risks. For example, IIS able to defend most web-based attacks but Microsoft Edge still has some defensive techniques like Anti-XSS, just to add another defense layer and make it harder to cybercriminals and hackers.

Microsoft Defender/Windows Security is not a single layered protection solution.

by the way, not sure what gave off that impression? but I never said I need to relearn about those subjects. and they are pretty much off-topic.

there is personal messages on the website if you need.

Reza_Ameri-Archived · ‎Apr 14 2020

Firstly, this is public forum so when you response to message , I will need to reply back to clarify my message. There are other people who are visiting this forum and may be subject is clear for you but it is not clear for others. Your reply gave me expression that I need to clarify, there is nothing personal.

I don't think it is out of topic, it is just security reminder for Microsoft Edge developers and there have been similar attacks in past, so I believe this is important reminder.

HotCakeX · ‎Apr 14 2020

@Reza_Ameri-Archived wrote:
@HotCakeX

Firstly, this is public forum so when you response to message , I will need to reply back to clarify my message. There are other people who are visiting this forum and may be subject is clear for you but it is not clear for others. Your reply gave me expression that I need to clarify, there is nothing personal.

I don't think it is out of topic, it is just security reminder for Microsoft Edge developers and there have been similar attacks in past, so I believe this is important reminder.

wrote: Firstly, this is public forum so when you response to message , I will need to reply back to clarify my message. There are other people who are visiting this forum and may be subject is clear for you but it is not clear for others. Your reply gave me expression that I need to clarify, there is nothing personal. I don't think it is out of topic, it is just security reminder for Microsoft Edge developers and there have been similar attacks in past, so I believe this is important reminder.

Like I said it's not for Edge but for Windows security/Microsoft Defender to protect the files in the OS.

so that is off topic because not related to Edge.

and the reason is that the pictures we use for Edge NTP background are not uploaded anywhere to the Internet, it's for offline use.

I can post some random security texts here and call them related as well but they're not.

Reza_Ameri-Archived · ‎Apr 14 2020

It is relevant to Microsoft Edge, because when Microsoft Edge allow ability to upload or read image from windows, it might lead to exploit new vulnerability and I am sharing preventive reminder. I don't want to see 0-day vulnerability where this feature cause hackers to take complete control of Windows. Most of 0-days vulnerabilities available in any browsers is detectable by Windows Defender as malware but their product teams still patch them, because it is issue with exploit in their products.

Please refer to latest lock screen and Windows background exploit in past ten years and look into their attack model and you see it is relevant. If Microsoft Edge don't add feature of upload local picture, there is no exploit or 0-days. But I am not saying to remove this feature, I am saying when there is such a feature, there are risk of 0-days and they have to be careful and validate it correctly in the source code of Microsoft Edge.

HotCakeX · ‎Apr 14 2020

@Reza_Ameri-Archived wrote:
@HotCakeX

It is relevant to Microsoft Edge, because when Microsoft Edge allow ability to upload or read image from windows, it might lead to exploit new vulnerability and I am sharing preventive reminder. I don't want to see 0-day vulnerability where this feature cause hackers to take complete control of Windows. Most of 0-days vulnerabilities available in any browsers is detectable by Windows Defender as malware but their product teams still patch them, because it is issue with exploit in their products.

Please refer to latest lock screen and Windows background exploit in past ten years and look into their attack model and you see it is relevant. If Microsoft Edge don't add feature of upload local picture, there is no exploit or 0-days. But I am not saying to remove this feature, I am saying when there is such a feature, there are risk of 0-days and they have to be careful and validate it correctly in the source code of Microsoft Edge.

wrote: It is relevant to Microsoft Edge, because when Microsoft Edge allow ability to upload or read image from windows, it might lead to exploit new vulnerability and I am sharing preventive reminder. I don't want to see 0-day vulnerability where this feature cause hackers to take complete control of Windows. Most of 0-days vulnerabilities available in any browsers is detectable by Windows Defender as malware but their product teams still patch them, because it is issue with exploit in their products. Please refer to latest lock screen and Windows background exploit in past ten years and look into their attack model and you see it is relevant. If Microsoft Edge don't add feature of upload local picture, there is no exploit or 0-days. But I am not saying to remove this feature, I am saying when there is such a feature, there are risk of 0-days and they have to be careful and validate it correctly in the source code of Microsoft Edge.

If someone has a bad image that has malware code in it, it's a time bomb, if not today, tomorrow it will be run. if not in Edge, some other photo viewer or opener will run it.

that's why Windows Defender (or any other AV) is the more thorough and proper solution for it.

Edge is simply one of the thousands of ways that a photo with malware code can harm a user.

Reza_Ameri-Archived · ‎Apr 14 2020

If there is a malicious file including image , Windows Defender is there to protect user and SmartScreen filter in Microsoft Edge even could prevent it from download and there is another SmartScreen filter in Windows to make sure they won't get in. However, based on Microsoft Security Development Lifecycle which discussed pro-active measurements against exploit and it is pro-active method to enhance security in application itself. This is important requirement and what I mentioned should be placed directly into non-Functional Requirement under Security for Microsoft Edge project.

HotCakeX · ‎Apr 14 2020

@Reza_Ameri-Archived wrote:
@HotCakeX

If there is a malicious file including image , Windows Defender is there to protect user and SmartScreen filter in Microsoft Edge even could prevent it from download and there is another SmartScreen filter in Windows to make sure they won't get in. However, based on Microsoft Security Development Lifecycle which discussed pro-active measurements against exploit and it is pro-active method to enhance security in application itself. This is important requirement and what I mentioned should be placed directly into non-Functional Requirement under Security for Microsoft Edge project.

wrote: If there is a malicious file including image , Windows Defender is there to protect user and SmartScreen filter in Microsoft Edge even could prevent it from download and there is another SmartScreen filter in Windows to make sure they won't get in. However, based on Microsoft Security Development Lifecycle which discussed pro-active measurements against exploit and it is pro-active method to enhance security in application itself. This is important requirement and what I mentioned should be placed directly into non-Functional Requirement under Security for Microsoft Edge project.

Or it can rely on Windows Defender to protect not only Edge but ALL applications that users have on their computer, improving detection of the built in security solution in Windows is better than securing a single program.

HotCakeX · ‎Apr 14 2020

Edge and Windows Defender are tightly integrated. Edge provides the browser and WD provides all the security it needs.

Edge uses Windows Defender to check files, it uses SmartScreen to check downloads and URLs, uses WD PUA to check downloaded programs in Edge, uses WDAG to create secure browsing sessions etc.

so it's always Edge + Windows Defender

and just like this case with pictures, Edge should use WD's engine to check pictures for any malicious code before they are put as background in NTP. WD should also protect users from all other applications, that's the whole point. Windows and Edge are both Microsoft's products so they should create a safe environment for the user and not just for an application.

Reza_Ameri-Archived · ‎Apr 14 2020

I am familiar with architecture of Windows and Microsoft Edge including Windows Defender.

What you are saying is ideal condition when Windows Defender is on and there is no 0-days. During Windows XP era people believed Anti-Malware could protect against everything while we are facing scenario where it is not always true. In general when there is 0-days in any Microsoft Products like Microsoft Edge, Internet Explorer ,etc. they could just release signature to Windows Defender but they also release patch for specific product , because new security architecture is based on proactive measurement.

HotCakeX · ‎Apr 14 2020

@Reza_Ameri-Archived wrote:
@HotCakeX

I am familiar with architecture of Windows and Microsoft Edge including Windows Defender.
What you are saying is ideal condition when Windows Defender is on and there is no 0-days. During Windows XP era people believed Anti-Malware could protect against everything while we are facing scenario where it is not always true. In general when there is 0-days in any Microsoft Products like Microsoft Edge, Internet Explorer ,etc. they could just release signature to Windows Defender but they also release patch for specific product , because new security architecture is based on proactive measurement.

wrote: I am familiar with architecture of Windows and Microsoft Edge including Windows Defender.What you are saying is ideal condition when Windows Defender is on and there is no 0-days. During Windows XP era people believed Anti-Malware could protect against everything while we are facing scenario where it is not always true. In general when there is 0-days in any Microsoft Products like Microsoft Edge, Internet Explorer ,etc. they could just release signature to Windows Defender but they also release patch for specific product , because new security architecture is based on proactive measurement.

Same here.

I know, 0-day bugs apply to everything, not just Edge.

Reza_Ameri-Archived · ‎Apr 15 2020

True, what I have discussed is proactive method to reduce 0-days. I shared it based on my experience with exploit and 0-days and I have seen similar attacks on other application so I gave early warning.

HotCakeX · ‎Apr 15 2020

@Reza_Ameri-Archived wrote:
True, what I have discussed is proactive method to reduce 0-days. I shared it based on my experience with exploit and 0-days and I have seen similar attacks on other application so I gave early warning.

wrote:True, what I have discussed is proactive method to reduce 0-days. I shared it based on my experience with exploit and 0-days and I have seen similar attacks on other application so I gave early warning.

Okay, based on my experience it's better to inoculate the 0-days and exploits at OS level for all applications.

Reza_Ameri-Archived · ‎Apr 16 2020

Windows has great protection against 0-days, I believe you already know about Exploit Protection in Windows 10. However, application developers also are responsible to develop secure codes and prevent 0-days and it is practice in Microsoft Office, Microsoft Edge and other Microsoft products too.

HotCakeX · ‎Apr 16 2020

@Reza_Ameri-Archived wrote:
@HotCakeX

Windows has great protection against 0-days, I believe you already know about Exploit Protection in Windows 10. However, application developers also are responsible to develop secure codes and prevent 0-days and it is practice in Microsoft Office, Microsoft Edge and other Microsoft products too.

wrote: Windows has great protection against 0-days, I believe you already know about Exploit Protection in Windows 10. However, application developers also are responsible to develop secure codes and prevent 0-days and it is practice in Microsoft Office, Microsoft Edge and other Microsoft products too.

in case of files containing malware, it's the job of Windows Defender to take care of it.

Reza_Ameri-Archived · ‎Apr 16 2020

It is about Exploit and not malware, uploading photo which I mentioned earlier is concern would might leads to 0-days vulnerability.

HotCakeX · ‎Apr 16 2020