After Chrome 118 and Firefox 118, Microsoft followed suit and released Microsoft Edge version 118. You can now upgrade to Edge version 118.0.2088.46 which includes new improvements and security patches.
Additionally, Microsoft has also published a Security Baseline for this version of Edge, but it is the same one that applies to Edge 117 with several policy additions.
That being said, Microsoft Edge 118 addresses a total of 15 security vulnerabilities, out of which 14 are Chromium-based, and only one is Edge-specific: CVE-2023-36559, which is a spoofing vulnerability with low severity.
Let us dive into the details of Microsoft Edge 118 and learn what is new before proceeding to install it.
Edge 118 release summary
- Complete Release Build: 118.0.2088.46
- Release Date: Friday, October 13th, 2023
- Compatibility: Windows 11, 10 (32-bit and 64-bit), Mac, Linux, iOS, and Android.
- Previous Build: 117.0.2045.31
- Security Fixes: 15. More information about security fixes can be found here.
New in Microsoft Edge 118
Improved Find on Page
The “Find on page” is a feature that is available across most applications and programs, including all web browsers. You can open the Find dialog box using the CTRL + F shortcut keys, or using the menu.
With Edge 118, the Find on Page feature has now been powered with Artificial Intelligence (AI). It now uses Copilot to enhance your search results. Even if you make a typo and write the wrong spellings, the Find on Page feature will still show you the results that you might be looking for.
Moreover, the Find feature can also highlight synonyms. So even if you do not know the exact word that you are looking for, write a similar word that means the same and it will show you the similar words. For this feature, you must enable the “Match case” option from the dialog box.
Download Edge updates over metered connections
Metered connections are those networks where the amount of data consumed incurs a cost. The Windows operating system does not usually download non-essential updates over metered connections unless the settings are changed. Now, with Edge 118, you can configure it to download Edge updates over such networks.
Microsoft has introduced the option “Download Updates over metered connection” to Edge’s settings. Enabling this option will allow the Edge browser to do just that.
To access the option, click on the 3 dots in the top-right corner of the browser, expand “Help and feedback,” and then click “About Microsoft Edge.” Here, toggle the slider in front of “Download Updates over metered connections” into the On position.
Other changes in Edge 118
The following minor changes are also part of the changelog for Edge 18:
Microsoft Edge for Business Banner is depreciated
Microsoft Edge for Business is a dedicated Microsoft Edge experience built for work that enables admins in organizations to give their users a productive and secure work browser across managed and unmanaged devices. The in-product Microsoft Edge for Business banner is being deprecated and will no longer be visible.
New SmartScreen policy
SmartScreen is a feature that provides on-the-go web security by scanning websites and downloading malicious files. Edge has now added a new policy to it named “ExemptSmartScreenDownloadWarnings.” This allows you to disable SmartScreen AppRep-based warnings for specified file types on specified domains.
As mentioned at the beginning of this post, this Edge update patches 15 security vulnerabilities. 1 is specific to Edge, while the other 14 are Chromium-based. Here are the details of these security CVEs:
- Edge-specific security CVEs
- CVE-2023-36559 – Microsoft Edge (Chromium-based) Spoofing Vulnerability
- Chromium-based security CVEs
- CVE-2023-5487 – Inappropriate implementation in Fullscreen
- CVE-2023-5486 – Inappropriate implementation in Input
- CVE-2023-5485 – Inappropriate implementation in Autofill
- CVE-2023-5484 – Inappropriate implementation in Navigation
- CVE-2023-5483 – Inappropriate implementation in Intents
- CVE-2023-5481 – Inappropriate implementation in Downloads
- CVE-2023-5479 – Inappropriate implementation in Extensions API
- CVE-2023-5478 – Inappropriate implementation in Autofill
- CVE-2023-5477 – Inappropriate implementation in Installer
- CVE-2023-5476 – Use after free in Blink History
- CVE-2023-5475 – Inappropriate implementation in DevTools
- CVE-2023-5474 – Heap buffer overflow in PDF
- CVE-2023-5473 – Use after free in Cast
- CVE-2023-5218 – Use after free in Site Isolation
To download the complete security updates summary for this release, click on the link below:
Microsoft Edge 118 Security Updates Summary (8.0 KiB, 33 hits)
Update to Edge 118
If you already have Microsoft Edge on your PC, you can simply upgrade it to the latest build using the guide given further down below. If not, use the links given in the next section to install it now.
Click on the ellipses (3 dots) in the top-right corner of the browser, expand “Help and feedback,” and then click “About Microsoft Edge.”
Edge will automatically download and install the latest version. Click Restart when it’s done.
Once it relaunches, you can return to the About page and check that it has been updated to version 118.
If you want to download Edge 118 for offline installation, you can visit the following page which lists several methods to download and upgrade your Microsoft Edge browser.
Download Microsoft Edge 118 Security Baseline
Security baselines are a set of additional configurations that give IT professionals more control over their current environment. These new controls are policies that they can configure according to their business and network requirements.
As per the official announcement, no further security policy enforcement is required at the moment and the Security Baseline for Edge version 117 is still valid. However, this baseline includes 12 new computer settings and 12 new user settings.
Download and install Security Baseline for Edge 118
Use the guide below to download and install the new Security Baseline for Microsoft Edge version 118:
Open the page for Microsoft Security Compliance Toolkit 1.0.
Select your preferred language from the drop-down menu and click Download.
Select “Microsoft Edge v117 Security Baseline.zip” and click Download.
Your download will then begin.
Extract the downloaded file.
Navigate to the following location within the extracted folder:
Microsoft Edge v117 Security Baseline >> Scripts
Right-click “Baseline-LocalInstall” and click “Run with powershell.”
To run the baseline for Active Directory, you should run the Baseline-ADImport script instead.
The script will now run automatically. Wait for the PowerShell window to close on its own, and the security baseline for Microsoft Edge 116 will now be installed.
New in Edge 118 Security Baseline
The new settings included in this release of Security Baseline for Microsoft Edge 118 are listed in this table:
|Security Setting For||Details||Location within Windows Registry|
|Machine||Data URL support for SVGUseElement||HKLM\Software\Policies\Microsoft\Edge!DataUrlInSvgUseEnabled|
|Machine||Enable compression dictionary transport support||HKLM\Software\Policies\Microsoft\Edge!CompressionDictionaryTransportEnabled|
|Machine||Disable SmartScreen AppRep based warnings for specified file types on specified domains||HKLM\Software\Policies\Microsoft\Edge!ExemptSmartScreenDownloadWarnings|
|Machine||Disable Bing chat entry-points on Microsoft Edge Enterprise new tab page||HKLM\Software\Policies\Microsoft\Edge!NewTabPageBingChatEnabled|
|Machine||Hide the company logo on the Microsoft Edge new tab page||HKLM\Software\Policies\Microsoft\Edge!NewTabPageCompanyLogoEnabled|
|Machine||Control the behavior for the cancel dialog produced by the beforeunload event||HKLM\Software\Policies\Microsoft\Edge!BeforeunloadEventCancelByPreventDefaultEnabled|
|Machine||Forces Microsoft Edge to use its built-in WNS push client to connect to the Windows Push Notification Service.||HKLM\Software\Policies\Microsoft\Edge!ForceBuiltInPushMessagingClient|
|Machine||Controls whether unload event handlers can be disabled.||HKLM\Software\Policies\Microsoft\Edge!ForcePermissionPolicyUnloadDefaultEnabled|
|Machine||Enable Picture in Picture overlay feature on supported webpages in Microsoft Edge||HKLM\Software\Policies\Microsoft\Edge!PictureInPictureOverlayEnabled|
|Machine||Control the new behavior for event dispatching on disabled form controls||HKLM\Software\Policies\Microsoft\Edge!SendMouseEventsDisabledFormControlsEnabled|
|Machine||Disable SmartScreen AppRep-based warnings for specified file types on specified domains||HKLM\Software\Policies\Microsoft\Edge!SplitScreenEnabled|
|Machine||Controls whether unload event handlers can be disabled.||HKLM\Software\Policies\Microsoft\Edge\WebView2!ForcePermissionPolicyUnloadDefaultEnabled|
|User||Data URL support for SVGUseElement||HKCU\Software\Policies\Microsoft\Edge!DataUrlInSvgUseEnabled|
|User||Enable compression dictionary transport support||HKCU\Software\Policies\Microsoft\Edge!CompressionDictionaryTransportEnabled|
|User||Disable SmartScreen AppRep-based warnings for specified file types on specified domains||HKCU\Software\Policies\Microsoft\Edge!ExemptSmartScreenDownloadWarnings|
|User||Enable the split screen feature in Microsoft Edge||HKCU\Software\Policies\Microsoft\Edge!NewTabPageBingChatEnabled|
|User||Hide the company logo on the Microsoft Edge new tab page||HKCU\Software\Policies\Microsoft\Edge!NewTabPageCompanyLogoEnabled|
|User||Control the behavior for the cancel dialog produced by the beforeunload event||HKCU\Software\Policies\Microsoft\Edge!BeforeunloadEventCancelByPreventDefaultEnabled|
|User||Forces Microsoft Edge to use its built-in WNS push client to connect to the Windows Push Notification Service.||HKCU\Software\Policies\Microsoft\Edge!ForceBuiltInPushMessagingClient|
|User||Controls whether unload event handlers can be disabled.||HKCU\Software\Policies\Microsoft\Edge!ForcePermissionPolicyUnloadDefaultEnabled|
|User||Enable Picture in Picture overlay feature on supported webpages in Microsoft Edge||HKCU\Software\Policies\Microsoft\Edge!PictureInPictureOverlayEnabled|
|User||Control the new behavior for event dispatching on disabled form controls||HKCU\Software\Policies\Microsoft\Edge!SendMouseEventsDisabledFormControlsEnabled|
|User||Enable split screen feature in Microsoft Edge||HKCU\Software\Policies\Microsoft\Edge!SplitScreenEnabled|
|User||Controls whether unload event handlers can be disabled.||HKCU\Software\Policies\Microsoft\Edge\WebView2!ForcePermissionPolicyUnloadDefaultEnabled|
To read more in detail about the new settings in Edge 118 Security Baseline, click on the link below to download the detailed Excel sheet:
New policies in Microsoft Edge 118 Security Baseline (16.0 KiB, 31 hits)
Who should install Microsoft Edge Security Baseline
Not everyone who owns a Windows computer needs to install these baselines. If you are on a home computer and use it to play games, browse websites online, and perform no work activities, you probably do not need to install this Edge security baseline.
However, if you put in your financial or Personal Identification Information (PII), or perform confidential tasks online, you can use the security baselines to make your system and your information more secure.
Edge 118 includes some new features and improvements, but not many people may benefit from them. However, the security improvements alone are sufficient for you to upgrade to this build.
Microsoft Edge Update History
|Edge Version||Release Date||Features & improvements|
|Edge 119||2-Nov-23||Addresses 16 vulnerabilities, improves split-screen restore, ability to manage sidebar app auto-launch, “Always show sidebar” option placed under Copilot settings|
|Edge 118||13-Oct-23||Addresses 15 vulnerabilities, and introduces AI-powered Find on Page.|
|Edge 117||15-Sep-23||Addresses 14 vulnerabilities, includes More Tools deprecations and unload event deprecation, includes support for Microsoft Edge for Business for BYOPC via Intune.|
|Edge 116||21-Aug-23||Addresses 23 vulnerabilities, introduces split screen, ability to drop files across devices, and ability to attach Edge sidebar to desktop.|
|Edge 115||21-Jul-23||Microsoft Edge management service, rounded tabs, mouse gestures, split screen view.|
|Edge 113||5-May-23||Basic Enhanced Security Mode was removed, shifted to EdgeUpdater on macOS, and introduced new policies, addresses 2 security vulnerabilities.|
|Edge 112||6-Apr-23||Introduced Browser Essentials in place of the Performance Hub, improvements to enhanced security mode and some policies.|
|Edge 111||13-Mar-23||Bing copilot in the toolbar, auto-hiding sidebar, hover over the sidebar to expand, and policy to clear IE mode history on browser exit.|
|Edge 110||9-Feb-23||Introduces Immersive Reader policies, Azure Active Directory synchronization, Drop feature to share files, and several security updates.|
|Edge 109||13-Jan-23||14 security updates, 8 new policies, and 2 deprecated policies.|
|Edge 108||5-Dec-22||Important security fixes, a new policy to disable Web Select amongst others.|
|Edge 107||27-Oct-22||Improved sidebar, new policies, and security fixes.|
|Edge 106||3-Oct-22||Improved web defense and increased the maximum number of search results to 4|
|Edge 105||2-Sep-22||Improvements to IE mode and enhanced security|
|Edge 104||5-Aug-22||Support to import data and enhanced security on the web|
|Edge 103||23-Jun-22||Improvements for online and web gaming|
|Edge 102||31-May-22||With reverse image search and security improvements|
|Edge 100||1-Apr-22||Sends 3-digit user agent string, PDF updates, and hardware-enforces stack protection|
|Edge 99||3-Mar-22||Custom primary password and PDF navigation|
|Edge 98||4-Feb-22||Edge Bar, reduced resource consumption|
|Edge 97||6-Jan-22||Auto-citation, endpoint data loss prevention (DLP)|
|Edge 96||10-Dec-21||Super duper secure mode, typosquatting|
|Edge 90||15-Apr-21||SSO, PDF printing|
|Edge 89||4-Mar-21||Vertical Tabs, Sleeping Tabs, Startup Boost|
|Edge 88||21-Jan-21||Password generator, transparent privacy controls|