The two browsers share most of the vulnerabilities

Dec 17, 2015 12:49 GMT  ·  By

Microsoft Edge was introduced earlier this year as a modern replacement for Internet Explorer, with the Redmond-based software giant claiming that it’s not only faster and more reliable but also more secure than the old browser.

But a closer look at the recent security bulletins released by Microsoft shows that Microsoft Edge and Internet Explorer share a big part of the found vulnerabilities, which could be a sign that the new browser is just as vulnerable as its predecessor.

The security of Internet Explorer was often criticized, and many preferred to switch to Google Chrome or Mozilla Firefox in search of a browser that would protect them while browsing the web, and Microsoft now claims that Edge is capable of providing at least the same level of protection.

This month, though, Microsoft rolled out patches for both Internet Explorer and Edge: MS15-124 for the former, and MS15-125 for the latter. The company fixed 15 vulnerabilities in IE, and out of them, no less than 11 also existed in Edge, ZDNet writes. But additionally, Edge also had four unique security bugs that did not exist in Internet Explorer.

Sharing part of the code

Microsoft says that vulnerabilities exist in both browsers because they share part of the code, despite the fact that Edge comes with a completely new engine.

“Edge shares a universal code base across all form factors without the legacy add-on architecture of Internet Explorer. Designed from scratch, Microsoft does selectively share some code between Edge and Internet Explorer, where it makes sense to do so,” a company spokesperson is quoted as saying by the aforementioned source.

For the moment, it’s not clear how much of the code exists in both Internet Explorer and Edge, but it’s pretty clear that the two browsers could still be impacted by the very same vulnerabilities in the next months as well. Edge is indeed superior in terms of speed and reliability, but it still lacks key functionality, such as support for extensions. Microsoft, however, has promised to resolve all of these with future updates, including the Redstone release coming in 2016.