Microsoft has released a major update for its browser in the Stable Channel. Version 131 is now available to all users, offering many small improvements, some feature updates, policy changes, security fixes, and more.
Here is the changelog with feature updates in Microsoft Edge 131:
Cancel dialog for beforeunload event. Microsoft Edge changed the behavior of the cancel dialog for the beforeunload event. Calling event.preventDefault in a beforeunload event handler won"t prevent the dialog from being shown. Instead, event.returnValue = "" needs to be called in the beforeunload event handler to prevent the cancel dialog. The BeforeunloadEventCancelByPreventDefaultEnabled policy is obsolete and no longer works after Microsoft Edge version 130.
Changes to Kyber. The Kyber algorithm was standardized with minor technical changes and renamed to the Module Lattice Key Encapsulation Mechanism (ML-KEM). ML-KEM is implemented in the BoringSSL cryptography library, which allows for it to be deployed and utilized by services that depend on this library.
The changes to the final version of ML-KEM make it incompatible with the previously deployed version of Kyber. Due to this incompatibility the following changes in Microsoft Edge will be made:
- Edge switches from supporting Kyber to ML-KEM.
- Edge offers a key share prediction for hybrid ML-KEM (codepoint 0x11EC).
- The PostQuantumKeyAgreementEnabled flag and the PostQuantumKeyAgreementEnabled policy applies to Kyber and ML-KEM. Note: The PostQuantumKeyAgreementEnabled policy is scheduled for removal in Edge version 141.
- Edge will no longer support hybrid Kyber (codepoint 0x6399).
New sidebar policy. The EdgeSidebarAppUrlHostAllowList policy allows admins to define a list of sites, based on URL patterns, that are not subject to the EdgeSidebarAppUrlHostBlockList. When the policy is configured, the apps listed in the allow list can be opened in sidebar even if they are listed in the block list. For more information, see Manage the sidebar in Microsoft Edge.
Microsoft Edge 131 also includes all the fixes and small improvements from the previous four Edge 131 Dev updates. You can check those release notes in detail here:
Finally, Edge 131 patches several security vulnerabilities. One is Edge-specific (CVE-2024-49025), and eight are Chromium-related. More details about the security fixes are available in the Security Update Guide.