About Microsoft Edge's secret Flash whitelist

Microsoft’s Edge web browser users a secret Flash whitelist that allows Flash content to run without click to play protection on included sites.

Microsoft Edge, the default browser of Microsoft’s Windows 10 operating system, supports Adobe Flash natively. Flash is set to click-to-play in the browser, and users may disable Flash entirely in the browser’s settings.

Microsoft releases Flash updates regularly on the company’s monthly patch day to fix security issues discovered in Flash.

It came to light recently that Microsoft implemented a Flash whitelist that allowed Flash content to run on 58 different domains without user interaction. Sites on that list included Deezer, Facebook, the MSN portal, Yahoo, or QQ but also entries that one would not necessarily expect on such a list like a Spanish hair salon.

edge flash disable

Microsoft limited the list on this month’s Patch Tuesday update to just two Facebook entries and enforced the use of HTTPS for these sites after a Google engineer filed a bug report with the company in late 2018.

Microsoft obfuscated the list and the Google engineer had to crack it using a dictionary of known and popular domain names.

According to the bug report, Flash content is allowed to load if it is hosted on one of the whitelisted domains or if the Flash element is larger than 398×298 pixels.

Attackers could exploit the list to bypass click to play policies entirely or use XSS vulnerabilities on some of the included sites. Microsoft Edge respects Flash click to play policies on all other sites. Users need to allow the execution of Flash content in Microsoft Edge on non-whitelisted sites.

It is unclear why Microsoft added the whitelist; it is possible that it did so to improve compatibility on select sites. While that would make sense on major sites like Flashbook that still host Flash content, it is unclear which parameters Microsoft used to create the list.

The list features some arcade sites that host Flash games, but does not list equally popular arcade sites that also host Flash games. It is puzzling that some sites are on the list while other are not. It is possible that some sites were added

We contacted Microsoft for comment but have not heard back yet. We will update the article if additional information comes to light.

Closing Words

It is puzzling that Microsoft would add a Flash whitelist to its Edge browser considering that Microsoft never fails to highlight Edge’s security features. Allowing sites to run Flash content without user permission is highly problematic from a security point of view even on popular sites.

Taking away control and not disclosing the fact to users is highly problematic not only from a security point of view but also when it comes to trust.

Now You: What is your take on this?

Ghacks needs you. You can find out how to support us here or support the site directly by becoming a Patreon. Thank you for being a Ghacks reader. The post About Microsoft Edge’s secret Flash whitelist appeared first on gHacks Technology News.

Block Microsoft Edge from running in the background on Windows 10

If you run a device that is powered by Microsoft’s Windows 10 operating system, you may have noticed Microsoft Edge processes in the Task Manager or another program even if you don’t run the program.

These processes, MicrosoftEdge.exe, MicrosoftEdgeCP.exe, and MicrosoftEdgeSH.exe, show up as suspended in the task manager.

The processes use no CPU or memory in suspended state; some users may prefer to block Microsoft Edge from running in the background even in suspended state. If you never use Edge, there is virtually no reason why it should launch in the background.

Note that the process works fine on recent versions of Windows 10. It may not work with the not-yet-released Chromium-based version of Microsoft Edge; we will see.

The process requires editing of the Windows Registry and a Settings change. Note that you can still run Microsoft Edge on the device.

Here we go:

Settings app

microsoft edge background

The very first thing you want to do is prevent Edge from running in the background:

  1. Use the shortcut Windows-I to open the Settings application on the Windows 10 device.
  2. Go to Privacy > Background Apps.
  3. Toggle Microsoft Edge on the page so that its status reads off.

Windows Registry

microsoft edge background stop

You need elevated privileges to edit the Registry. I recommend that you create a backup of the Windows Registry before you make the changes.

You can download Registry files from Majorgeeks to make the changes without editing the Registry manually. It is usually better if you make the changes manually to better understand what is being changed.

  1. Tap on the Windows-key, type regedit, and hit the Enter-key on the keyboard to launch the Registry Editor.
  2. Confirm the UAC prompt that is displayed.
  3. Go to HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftMicrosoftEdgeMain
    • If Main does not exist, right-click on MicrosoftEdge and select New > Key, and name it Main.
    • Tip: if you make a mistake naming something, right-click on it and select rename to change the name.
  4. Right-click on Main and select New > Dword (32-bit) Value.
  5. Name it SyncFavoritesBetweenIEAndMicrosoftEdge
  6. Double-click on it and set its value to 1.
  7. Right-click on Main and select New > Dword (32-bit) Value.
  8. Name it PreventLiveTileDataCollection.
  9. Double-click on it and set its value to 1.
  10. Right-click on Main and select New > Dword (32-bit) Value.
  11. Name it AllowPrelaunch.
  12. Make sure the value is set to 0 (it is the default).
  13. Go to HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftMicrosoftEdgeTabPreloader
    1. If TabPreloader does not exist, right-click on MicrosoftEdge and select New > Key, and name it TabPreloader.
  14. Right-click on TabPreloader and select New > Dword (32-bit) Value.
  15. Name it PreventTabPreloading.
  16. Double-click on the new value and set it to 1.
  17. Right-click on TabPreloader and select New > Dword (32-bit) Value.
  18. Name it AllowTabPreloading.
  19. Make sure its value is set to 0.
  20. Restart the computer.

Closing Words

The Microsoft Edge processes should be gone after the restart. You can undo the change by deleting the mentioned keys and values in the Registry, and allowing Edge to run in the background.

Now You: Which is your preferred browser right now?

Ghacks needs you. You can find out how to support us here or support the site directly by becoming a Patreon. Thank you for being a Ghacks reader. The post Block Microsoft Edge from running in the background on Windows 10 appeared first on gHacks Technology News.

How to Import and Export Browser Bookmarks

I like to use multiple browsers and always mess around with any new browser in town. And so, quite often I import/export my bookmarks around. If you are looking to move your browser bookmarks to a different browser, then I can help.

In this post, I’ll show you how to import and export bookmarks and other data in:

Chrome

Import bookmarks

  1. Click on the three vertical dots menu at the top-right corner and go to Bookmarks > Import bookmarks and settings.
    bookmarks and settings
  2. Next, either select the an installed browser to directly import the bookmarks, or select the HTML file from your PC. While directly importing, you can select type of data as well, such as browser history, bookmarks, passwords, and search engines. Click on Import when you are done to import the data.
    chrome

Export bookmarks

  1. Click on the three vertical dots menu again and go to Bookmarks > Bookmark manager.
    chrome bookmark manager
  2. Go to Organize > Export bookmarks to HTML file. An HTML file will be ready to download.
    export chrome bookmark

Firefox

Import bookmarks

  1. From the top bar, click on the Show Bookmarks button, and select Show all bookmarks. You may also use Ctrl + Shift + B for this.
    show all firefox bookmarks
  2. Next, click on the Import and Backup menu at the top and click on Import Bookmarks from HTML to import them from an HTML file, or click on Import Data from Another Browser to select another browser to directly import data.
    import bookmarks firefox

Export bookmarks

From the same Import and Backup menu, click on the Export Bookmarks to HTML option and save the HTML.

export firefox bookmarks

Opera

Import bookmarks

  1. Open Opera menu from the top-left corner and click on Settings. Alternatively, you can use the shortcut Alt + P.
  2. Here move to the Browser section from the left menu and click on the Import bookmarks and settings button under the Default browser heading.
    opera bookmarks and settings
  3. Now you can either select a supported browser from the drop-down list or select “Bookmarks HTML file” option to import from an HTML file.
    import opera bookmarks

Export bookmarks

Unfortunately, Opera doesn’t support export feature. However, you can use Bookmarks Import & Export Opera extension to get this functionality. Install and open up the extension, and click on the Export button to download the bookmarks HTML file.

export opera bookmarks

Microsoft Edge

Import bookmarks

  1. Click on the three horizontal dots menu at the top-right corner and select Settings.
  2. Now click on the Import from another browser button under the Import favorites and other info” button.
  3. Next, you can select a supported browser, or click on the Import from file button to import from an HTML file.
    import edge bookmarks

Export bookmarks

Go to the “Import your info” menu again and click on the “Export to file” button to download the HTML file.

export favourites

Note: The export is only available in the Creators Update of Windows 10. In case you haven’t updated Windows 10 to Creators Update, you can use this third-party tool Edge Manage to export favorites.

Internet Explorer

Import bookmarks

  1. Click on the Star icon at the top-right corner, and click on the tiny upside down arrow next to the Add to favorites button. Here click on the Import and export option.
    import and export internet explorer
  2. A wizard will open up. Here you can either select Import from another browser or Import from a file option and then follow the wizard to import data.
    import bookmarks internet explorer

Export bookmarks

  1. Open the same “Import and export” wizard and select the “Export to a file” option.
    export internet explorer bookmarks
  2. On the next page, you can select the type of data that you want to export, including Favorites, Feeds, and Cookies. Afterward, click Next to finish the process and download the HTML file.
    select data internet explorer

Vivaldi

Import bookmarks

  1. Click on the Vivaldi menu button at the top-left corner and select Import Bookmarks and Settings from the File option.
    import vivaldi bookmark settings
  2. From the drop-down menu, you can select a supported browser or an HTML file. Interestingly, Vivaldi also supports importing data from Opera, although Opera natively doesn’t support the export feature.
    import vivaldi bookmark

Export bookmarks

To export bookmarks, go to the File menu again and select “Export Bookmarks” to download the HTML file.

export vivaldi bookmarks

Wrap up

While importing data, try to automatically import from an installed browser instead of an HTML file. This way you’ll be able to import more data, including cookies, bookmarks, history and saved passwords.

The exported HTML file usually only contains bookmarks, so direct importing is better and more convenient.

How to Disable “Save Passwords” Option in Browser

The built-in password manager in most browsers is extremely insecure. The fact that it usually uses your PC’s login password for protecting all your other passwords is more than enough reason to drop it in support of third-party password managers.

If you’re concerned about the security of your passwords, then you should switch to a secure password manager such as LastPass and disable the browser’s built-in password manager.

And to help you with this security leap I’m going to show you how to both disable the Save Password option and remove previously saved passwords in all of the major browsers.

Chrome

In Google Chrome, you can disable the Save Password option and remove the saved passwords as follows:

  1. Click on the main menu at the top-right corner and select Settings from it.
  2. chrome settings
  3. Click on Show advanced settings at the bottom and then uncheck the option “Offer to save passwords with Google Smart Lock for Passwords” under the Passwords and forms section.
  4. disable save password

This will stop chrome from prompting you to save passwords every time you log in to a website. If you want to delete previously saved passwords, then click on the Manage passwords link next to it.

A window will open up where you can see all your saved passwords. Simply click the cross (X) button next to each entry to remove it.

manage google passoword

Firefox

To remove the Save Password prompt and already saved passwords in Firefox, follow the steps below:

  1. Click on the hamburger menu at the top-right corner and select Options from it.
  2. firefox options
  3. Move to the Security section and uncheck the option “Remember logins for sites”. This will stop Firefox from saving your passwords in the future.
  4. disable save password

To delete previously saved passwords, click on the Saved Logins button on the same page. Here you can remove saved passwords and even import them to save anywhere else.

manage firefox password

Opera

In the Opera browser you can do the following steps to disable the Save Password option and delete the already saved passwords:

  1. Step 1: Open the Opera menu from the top-left corner and select Settings from it.
  2. opera settings
  3. Step 2: Here move to the Privacy & security section from the left menu and uncheck the option “Offer to save passwords I enter on the web”.
  4. disable save passwords

To manage the passwords, click on the Show all passwords button below it. You can click on the cross (X) next to each saved password to remove it.

manage opera password

Safari

You can disable the Save Passwords option and manage the previously saved passwords in Safari through below-mentioned steps:

  1. Open the Safari menu and click on Preferences in it.
  2. safari menu
  3. Now uncheck the option Usernames and passwords to stop Safari from saving your passwords.
  4. disable save password

To manage previously saved passwords, click on the Edit button next to the the Usernames and passwords option. Here you can remove passwords individually or in bulk.

Microsoft Edge

In Microsoft Edge, you can prevent the browser from saving your passwords through the following steps:

  1. Go to the Edge main menu at the top-right corner and click on Settings.
  2. edge settings
  3. Here scroll down and click on the View advanced settings button at the end. Scroll further a bit and toggle off the button below the Offer to save passwords option to stop Edge from saving your passwords.

You can click on the Manage my saved passwords button below it to see all the passwords and delete them.

Internet Explorer

And finally, in Internet Explorer, you can manage the Save Passwords option as well as the passwords saved before by doing the following steps:

  1. In Internet Explorer, click on the Gear menu at the top-right corner and select Internet options from it.
  2. internet explorer options
  3. Move to the Content tab and then click on the Settings button in the AutoComplete section.
  4. internet explorer settings
  5. Uncheck the checkbox next to Usernames and passwords on forms and Internet Explorer will stop asking you to save the password.
disable internet explorer save password

You can click on the Manage Passwords button below it to see all the passwords and remove them.

Alternative ways to Delete saved passwords in bulk

To disable the Save password option, you will have to go into the security settings of the respective browser. However, if you just want to delete all of the saved passwords, then there is an alternative method as well.

All browsers come with an option to clear browsing data. This feature also has an option to delete all the saved passwords in bulk. Usually, this option is located in the Privacy and Security settings of a browser. Go there and check the option Saved passwords and delete them.

clear saved password

You can use a cleaning tool like CCleaner to delete saved passwords in multiple browsers at the same time. Just open CCleaner and move to the Applications section. You will see all your installed browsers here. Simply select Saved Passwords under each of the browsers and click on Run Cleaner to delete all the passwords.

delete save password

Do keep in mind that CCleaner also deletes other types of junk files as well in order to clean your PC. If you don’t want to delete the junk data for any reason, then uncheck all the other options first.

Wrapping up

Even though you can decline the Save password prompt whenever you are asked, disabling the browser manager is still important. Simply because you may accidentally confirm the Save Password prompt while logging in and save a sensitive password in the browser’s insecure vault. And to be honest, the Save password prompt is quite annoying too.

How to Disable “Save Passwords” Option in Browser

The built-in password manager in most browsers is extremely insecure. The fact that it usually uses your PC’s login password for protecting all your other passwords is more than enough reason to drop it in support of third-party password managers.

If you’re concerned about the security of your passwords, then you should switch to a secure password manager such as LastPass and disable the browser’s built-in password manager.

And to help you with this security leap I’m going to show you how to both disable the Save Password option and remove previously saved passwords in all of the major browsers.

Chrome

In Google Chrome, you can disable the Save Password option and remove the saved passwords as follows:

  1. Click on the main menu at the top-right corner and select Settings from it.
  2. chrome settings
  3. Click on Show advanced settings at the bottom and then uncheck the option “Offer to save passwords with Google Smart Lock for Passwords” under the Passwords and forms section.
  4. disable save password

This will stop chrome from prompting you to save passwords every time you log in to a website. If you want to delete previously saved passwords, then click on the Manage passwords link next to it.

A window will open up where you can see all your saved passwords. Simply click the cross (X) button next to each entry to remove it.

manage google passoword

Firefox

To remove the Save Password prompt and already saved passwords in Firefox, follow the steps below:

  1. Click on the hamburger menu at the top-right corner and select Options from it.
  2. firefox options
  3. Move to the Security section and uncheck the option “Remember logins for sites”. This will stop Firefox from saving your passwords in the future.
  4. disable save password

To delete previously saved passwords, click on the Saved Logins button on the same page. Here you can remove saved passwords and even import them to save anywhere else.

manage firefox password

Opera

In the Opera browser you can do the following steps to disable the Save Password option and delete the already saved passwords:

  1. Step 1: Open the Opera menu from the top-left corner and select Settings from it.
  2. opera settings
  3. Step 2: Here move to the Privacy & security section from the left menu and uncheck the option “Offer to save passwords I enter on the web”.
  4. disable save passwords

To manage the passwords, click on the Show all passwords button below it. You can click on the cross (X) next to each saved password to remove it.

manage opera password

Safari

You can disable the Save Passwords option and manage the previously saved passwords in Safari through below-mentioned steps:

  1. Open the Safari menu and click on Preferences in it.
  2. safari menu
  3. Now uncheck the option Usernames and passwords to stop Safari from saving your passwords.
  4. disable save password

To manage previously saved passwords, click on the Edit button next to the the Usernames and passwords option. Here you can remove passwords individually or in bulk.

Microsoft Edge

In Microsoft Edge, you can prevent the browser from saving your passwords through the following steps:

  1. Go to the Edge main menu at the top-right corner and click on Settings.
  2. edge settings
  3. Here scroll down and click on the View advanced settings button at the end. Scroll further a bit and toggle off the button below the Offer to save passwords option to stop Edge from saving your passwords.

You can click on the Manage my saved passwords button below it to see all the passwords and delete them.

Internet Explorer

And finally, in Internet Explorer, you can manage the Save Passwords option as well as the passwords saved before by doing the following steps:

  1. In Internet Explorer, click on the Gear menu at the top-right corner and select Internet options from it.
  2. internet explorer options
  3. Move to the Content tab and then click on the Settings button in the AutoComplete section.
  4. internet explorer settings
  5. Uncheck the checkbox next to Usernames and passwords on forms and Internet Explorer will stop asking you to save the password.
disable internet explorer save password

You can click on the Manage Passwords button below it to see all the passwords and remove them.

Alternative ways to Delete saved passwords in bulk

To disable the Save password option, you will have to go into the security settings of the respective browser. However, if you just want to delete all of the saved passwords, then there is an alternative method as well.

All browsers come with an option to clear browsing data. This feature also has an option to delete all the saved passwords in bulk. Usually, this option is located in the Privacy and Security settings of a browser. Go there and check the option Saved passwords and delete them.

clear saved password

You can use a cleaning tool like CCleaner to delete saved passwords in multiple browsers at the same time. Just open CCleaner and move to the Applications section. You will see all your installed browsers here. Simply select Saved Passwords under each of the browsers and click on Run Cleaner to delete all the passwords.

delete save password

Do keep in mind that CCleaner also deletes other types of junk files as well in order to clean your PC. If you don’t want to delete the junk data for any reason, then uncheck all the other options first.

Wrapping up

Even though you can decline the Save password prompt whenever you are asked, disabling the browser manager is still important. Simply because you may accidentally confirm the Save Password prompt while logging in and save a sensitive password in the browser’s insecure vault. And to be honest, the Save password prompt is quite annoying too.