Microsoft restricts Internet Explorer mode in Edge after exploitation

2 unique sources, 2 articles

Summary

Microsoft has restricted the use of Internet Explorer (IE) mode in its Edge browser after threat actors exploited it to gain unauthorized access to users' devices. The attacks began in August 2025, when the Edge security team learned that threat actors were directing targets to an official-looking spoofed website. The attackers combined social engineering with unpatched exploits in IE's JavaScript engine (Chakra) to achieve remote code execution and privilege escalation, leading to complete control of the victim's device. Microsoft has removed the dedicated toolbar button, context menu, and hamburger menu items for IE mode, so users must now enable it explicitly for specific sites. The new restrictions do not apply to commercial users, who can continue to use IE mode as configured through enterprise policies.

Timeline

  1. 13.10.2025 12:54 · 2 articles

    Microsoft restricts Internet Explorer mode in Edge after exploitation

    Microsoft has restricted the use of Internet Explorer (IE) mode in its Edge browser after threat actors exploited it to gain unauthorized access to users' devices. The attacks began in August 2025, when the Edge security team learned that threat actors were directing targets to an official-looking spoofed website. The attacks involved social engineering and unpatched exploits in IE's JavaScript engine (Chakra) to achieve remote code execution and privilege escalation. The flaw in the Chakra JavaScript engine remains unpatched. Microsoft has removed the dedicated toolbar button, context menu, and hamburger menu items for IE mode, requiring users to enable it explicitly for specific sites. The new restrictions do not apply to commercial users, who can continue to use IE mode as configured through enterprise policies.

Similar Happenings

Increased Browser-Based Attacks Targeting Business Applications

Browser-based attacks targeting business applications have surged, exploiting modern work practices and decentralized internet apps. These attacks, including phishing, malicious OAuth integrations, and browser extensions, compromise business apps and data by targeting users. The attacks leverage various delivery channels and evasion techniques, making them difficult to detect and block. Phishing attacks have evolved to use non-email channels such as social media, instant messaging apps, and malicious search engine ads. These attacks often bypass traditional email security controls and are harder to detect. Attackers exploit the decentralized nature of modern work environments, targeting users across multiple apps and communication channels. Non-email phishing attacks can result in significant breaches, as seen in the 2023 Okta breach. The rise in these attacks highlights the need for enhanced browser security measures and better visibility into user activities within the browser.

Increased Focus on Browser Security Due to Rising Threats

The browser has become a prime target for attackers due to its central role in modern work environments. Attacks exploit vulnerabilities, malicious extensions, and session hijacking to steal sensitive data. The Snowflake breach highlighted the risks, prompting discussions on whether the browser is the new endpoint. Experts emphasize the need for stronger browser security measures to mitigate these threats. The Snowflake attack, which used stolen credentials, underscored the vulnerability of browsers. This incident, along with others like those by Scattered Spider and ShinyHunters, has led to increased awareness of browser security risks. Experts suggest that enterprises should treat the browser as a secure agent and integrate browser security with network and endpoint protections. Attacks on browsers often avoid malware, making detection difficult. Security measures should minimize user friction and integrate browser, network, and endpoint security for comprehensive threat prevention.

Scattered Spider's Browser-Based Attacks and Mitigation Strategies

Scattered Spider, also known as UNC3944, Octo Tempest, or Muddled Libra, has evolved to target browser environments, exploiting vulnerabilities in web applications accessed via Chrome, Edge, Firefox, and other browsers. This group focuses on stealing sensitive data such as credentials, session tokens, and security tokens. Over 80% of security incidents now originate from these web applications, making browser security a critical concern for enterprises. Scattered Spider employs sophisticated techniques like Browser-in-the-Browser overlays, session token theft, and malicious extensions to evade traditional security tools. To counter these threats, CISOs must implement multi-layered browser security strategies, including runtime script protection, session integrity, extension governance, and browser telemetry integration.