Microsoft released the new Edge based on Chromium this year. I will show you how to get it.

I deployed the MSI of Edge Chromium Version Stable 80 over the network to Windows 10 PCs. I have also configured WSUS on the server with the new Edge product for updates. It looks like it downloaded just over 10GB of updates in WSUS. Apr 13, 2021 April’s Patch Tuesday brings us several, security-related, Microsoft Office updates and some small changes in UX and accessibility. In addition, Microsoft has also announced the much-needed retirement of the “legacy”, non-Chromium-based Edge Browser. The changes will come into effect at 10:00.

Microsoft announced in 2018 that they will rebuild the Edge browser and use the Chromium project (Which is a code subset of the Chrome browser) as code basis. The (first) final version has been released on January 15th 2020. Depending on your environment, you might have to perform some additional steps to get the new browser on your clients.

Unmanaged Windows 10 Home or Pro

Unmanaged versions means that the clients are not Active Directory/Azure Active Directory joined or do not receive their updates via WSUS, SCCM or Windows Update for Business (WUfB).

These clients will receive the new browser with the regular Windows updates. If you want to block the update to the new Edge, you need the Blocker Toolkit to disable automatic delivery of Microsoft Edge (Chromium-based). This download contains admx files to create group policies blocking the update and the cmd file which sets the required registry key manually.
Alternatively you can set the registry key by yourself:
Registry key:HKEY_LOCAL_MACHINESOFTWAREMicrosoftEdgeUpdate
Key value name:DoNotUpdateToEdgeWithChromium
Key type: REG_DWORD

Values:

• Key is not defined: Distribution is not blocked.
• 0: Distribution is not blocked.
• 1: Distribution is blocked.

Managed Windows 10 devices

If you are using domain joined clients or Windows 10 Enterprise/Education, then the new browser will (for the time being) not be updated automatically. If you want your clients to get the new browser, you have to install it yourself.

The installation file for the new browser can be downloaded from the Microsoft Edge for Business website. This site also contains the download link for the admx files to manage the new edge via group policies.

Microsoft Edge based on Chromium

The last step, if you are using WSUS or SCCM to patch your clients, is to enable a product to update the new edge. You will find the new product “Microsoft Edge” within the folder “Windows”:

After synchronizing, you will find updates for Dev, Beta and stable channel:

Microsoft Edge updates

April’s Patch Tuesday brings us several, security-related, Microsoft Office updates and some small changes in UX and accessibility. In addition, Microsoft has also announced the much-needed retirement of the “legacy”, non-Chromium-based Edge Browser. The changes will come into effect at 10:00 PST. The decision to remove EdgeHTLML, by actively replacing it with Chromium, following the March end-of-support Edge announcement. At the same, Microsoft has encouraged organizations and consumers to upgrade to the latest Edge version.

April Patch Tuesday Highlights

On the 6^th of April, Microsoft has pushed the KB4486672 update for Office Standard 2016, Office Professional 2016, Office Professional Plus 2016, Office Home and Business 2016, and Office Home and Student 2016.

As Askwoody’s MS-DEFCON columnists pointed out, Office 2016 was the only EOS MS product to receive an update. We would like to remind the users that Microsoft officially ended mainstream support for the 2016 business and home versions of Office on the 13^th of October 2016. End of Support is scheduled for the 14^th of October 2025. As expected, the vendor encourages all clients running any of the above-mentioned products to deploy the update as soon as possible.

So far, there’s just one issue associated with the KB4486672 deployment. Some users (i.e., Microsoft has yet to disclose if the issue predominantly affects home or enterprise end-users) might experience Office application stability or non-responsiveness issues. Microsoft stated that the problem lies in the registry code writing process and proposes the following fix:

• Download the KB4486672 update manually and execute the .msi pack. Alternatively, you can use Microsoft’s Update Center to automatically download and deploy the pack.
• Run Regedit.msc with administrative rights.
• Navigate to HKEY_CURRENT_USERSSoftwareMicrosoftOffice16.0General.
• Find the value EnableAdvancedRegistryHangDetection.
• Set value type to DWORD and Value data to 1. Save changes.

Note: if you are unable to locate the General key in 16.0, you will need to create one. When you’re done, define EnableAdvancedRegistryHangDetection under General by right-clicking on the right panel, highlighting new, and left-clicking on the DWORD button.

As mentioned in the intro, Patch Tuesday also delivers several UX and accessibility improvements. To name a few, as of the April roll, Microsoft fixed an issue with the zoom function that appears when a user utilizes the Microsoft Edge IE Mode on a multi-mon high DPI setup.

In addition, MS also fixed a minor HDR-related issue that made the display appear darker. Some child account-related issues were patched – users are now notified when a child account defined in the Family Safety section attains andor requests administrative privileges. Last, but not least, Microsoft also fixed an OneDrive syncing issue that caused the endpoint to stop working if the user would delete files or folders currently in use by OneDrive.

Edge’s anticipated retirement will impact most Windows 10 versions, from build 1803, released in April 2018, all the way to the 20H2 build. Microsoft’s decision to discontinue support for Microsoft Edge and replace the EdgeHTML rendering engine with the Chromium, open-source project, is a sound one and should facilitate the web development process as well as eliminating any disparities in web compatibility. Chromium updates will not impact users running Windows 7, Windows 8.0, or Windows 8.1.

Additional Security Tips

We always encourage our readers and customers to deploy every security and non-related security update in a timely manner. Here are some other things you can try in order to increase your overall security.

#1. Ensure that all Edge related updates are deployed correctly when using a private WSUS server.

To enforce the update all across your endpoint network, make sure that the new Edge version has been added to your WSUS catalog. Please refer to Microsoft’s Edge Management for additional information and instruction on how to deploy Edge with WSUS.

#2. Use legitimate means to deploy security updates.

Only download and install Windows Updates from known and legit sources like MS’s Update Center or MS’s official website. If you receive emails urging you to install critical Windows updates, please disregard and delete the email. Clicking on any of the links enclosed in such messages could lead to debilitating virus infections or even ransomware.

Heimdal™ Security recommends a safe and automatic updating and patching solution to prevent these fraudulent attempts. Patch & Asset Management is your one-stop, fully automated updating and patching toolbox that empowers you to download, install, and configure any 3^rd party, MS, or updates for proprietary software.

#3. Restore points.

Before deploying the new updates, don’t forget to create restore points. No major issues have been reported so far, but better safe than sorry. Creating a restore point is easy and can save you from a lot of trouble if something goes wrong during an update.

Parting thoughts

Edge is dead, long live, well, Edge. April’s patching bout isn’t as ‘meaty’ as the one in March, but still crucial to your endpoint’s wellbeing. As always, stay safe, subscribe to Heimdal’s newsletter for more cybersecurity awesomeness, and shot me an email if you have any more questions.

Chromium Edge Wsus