Microsoft specialists announced that they are preparing a new security feature for the Edge browser that will block malicious extensions installed outside the official store.
In Edge, developers have the ability to locally install extensions (sideloading) for testing before publishing them to the official Microsoft Edge store. To do this, enable Developer mode on the extensions management page and click the Load unpacked button.
Regular users can also use this method to install third-party extensions that have not undergone security checks and have not been vetted for malicious functionality.
Even if you remove the dangerous extension afterward, it may already be too late. The company’s specialists note that in recent years attackers have repeatedly tricked users into installing malicious extensions. Such attacks have at times affected hundreds of thousands of users.
It is now being reported that Microsoft Edge will soon be able to “detect and revoke malicious sideloaded extensions.” The developers have not yet disclosed exactly how the browser will identify dangerous extensions. It is only known that the feature is scheduled to launch in November 2025 and will be available in multi-tenant instances worldwide.
It’s worth noting that in recent months Microsoft has been actively working to strengthen the security of its extensions ecosystem. For example, the company introduced the Publish API for developers, implemented additional checks for accounts and the update process, and also began testing warnings about extensions that slow down Edge.