Microsoft has equipped Edge 140 with an on-device AI scareware blocker that locally detects and neutralizes browser-based tech support scams, and simultaneously patches a security bypass flaw tracked as CVE-2025-53791. The stable build, version 140.0.3485.54, began rolling out in early September 2025, bundling Chromium security updates with three Microsoft-curated security features: the scareware blocker, an HTTPS-first automatic upgrade mode, and the CVE fix. Productivity additions include auto-save for Tab Groups, expanded Copilot integration with GPT-5 Smart Mode, and in-browser media generation via Bing Image and Video Creator.

How the Scareware Blocker Neutralizes Tech Support Scams

Edge's scareware blocker uses a local machine-learning model to inspect page behavior and visual cues—forced full-screen overlays, fake system dialogs, aggressive audio, keyboard or mouse hijacks—and immediately interrupts the page. It exits full-screen, mutes audio, and presents a warning dialog offering choices to close the page, continue, or report the site. Because the model runs on the device, it provides real-time defense without sending full page content to the cloud. The feature is designed specifically for the kind of scareware that tries to frighten users into calling fake support numbers or surrendering credentials.

Users see a clear warning when the blocker activates. In some preview and Canary builds, additional toggles have appeared: block entire sites detected as scams, and optionally share flagged URLs with Microsoft Defender SmartScreen to improve cloud-based reputation. These controls let users choose local blocking without telemetry sharing, or combine both for stronger protection. The approach buys critical seconds against scams that exploit malvertising or rapid domain changes, while keeping the final decision in the user’s hands to reduce false-positive friction.

Strengths and Risks

  • Immediate defense: Local AI cuts the window of exposure; the user isn’t left staring at a threatening page.
  • Privacy-conscious: No page content is sent off-device unless SmartScreen reporting is explicitly enabled.
  • User autonomy: The dialog allows continuation for benign full-screen experiences, avoiding the heavy hand of automatic blocking.

On the other hand, any heuristic or ML detector can misclassify legitimate sites that use aggressive marketing overlays or full-screen UIs. That could increase helpdesk calls. Enabling SmartScreen reporting accelerates global protection but sends classification signals to Microsoft, a telemetry trade-off that enterprises must evaluate against their data policies. Additionally, on-device AI consumes CPU and memory; Microsoft hasn’t published full hardware requirements, so administrators should test the feature on targeted device classes before broad rollout.

Enabling and Managing the Blocker

Users find the toggle under Settings → Privacy, search, and services → Security. Microsoft’s feature page describes the options and a FAQ. For IT admins, Group Policy controls (e.g., ScarewareBlockerProtectionEnabled and related SmartScreen reporting toggles) are available in preview. Official documentation states the blocker is enabled by default for most users, but early reports from some channels suggest staged rollouts or device-class flags may flip the default. Verify on your own fleet before relying on default states.

HTTPS-First Mode Forces Encrypted Connections by Default

Edge 140 introduces an HTTPS-first option that automatically upgrades HTTP requests to HTTPS for public sites. When a site doesn’t support HTTPS, Edge displays a clear warning that the connection is insecure. The feature excludes private network addresses and manually typed HTTP URLs to avoid breaking internal services. Administrators control it with the HttpsOnlyMode policy, mirroring a capability Chrome shipped in 2023. This is a straightforward win for security: it reduces passive eavesdropping and man-in-the-middle exposure on public networks, while educating users through explicit warnings rather than silent fallbacks.

Considerations for Rollout

Some legacy public websites may not handle HTTPS upgrades gracefully or rely on mixed content. Warnings could disrupt workflows. Additionally, because private and manually entered resources are excluded, locally misconfigured services won’t be caught. IT teams should pilot HTTPS-first in safe groups and use the policy to tune exceptions for legacy endpoints.

Tab Groups Auto-Save Finally Becomes Persistent

Years of user requests culminate in Edge 140’s automatic Tab Group saving. Organized groups survive browser restarts and can be revisited without manual steps. The feature is controlled via sync policies—administrators can toggle the openTabs data type using the SyncTypesListDisabled policy. This reduces reliance on third-party session managers and Collections, but users should note that cross-device restoration requires signed-in profiles with sync enabled. Historically, tab persistence has been inconsistent across windows; test in your environment before treating it as a strict session management tool.

Copilot Gains GPT-5 Smart Mode and Media Generation

Edge’s Copilot integration now exposes a Smart Mode option powered by GPT-5. This server-routed capability selects between fast and deep-reasoning models based on the task, delivering answers, summaries, and actions directly in the browser. Rollout is staged and may not yet be visible to all users; Canary and Dev builds show A/B testing. Additionally, Bing media creation tools are surfaced: image generation from the address bar using DALL·E 3, and video creation via Bing Video Creator (using Sora-based generation for short prompts). Copilot-generated interactive podcasts, announced in Microsoft’s roadmap, are also on the way.

Privacy and Governance Concerns

Smart Mode and media tools route through cloud models, meaning usage may be subject to quotas, throttles, and telemetry. Copilot can access page content and context, so enterprises handling sensitive data must apply available policy controls and educate users. Model routing is often opaque—users won’t always know which internal or external model handled a request. IT teams should review Copilot and Bing service agreements before enabling broad access and consider governance frameworks for AI data handling.

RTX Video Super Resolution Requires a Workaround

Edge’s Video Super Resolution (VSR) uses machine learning to upscale streaming video, historically supporting NVIDIA RTX VSR. In mid-2025 builds, the internal “Microsoft Super Resolution” pipeline changed, and UI toggles for selecting the enhancement method were removed or hidden. Several users found a workaround by enabling the experimental flag edge://flags/#edge-video-super-resolution to restore NVIDIA-driven behavior. If you rely on RTX VSR, verify the toggle in your channel and use NVIDIA driver controls as a fallback.

Urgent Patch for CVE-2025-53791

Microsoft’s Edge security release notes for September 5, 2025, include a fix for CVE-2025-53791, a Microsoft-specific security feature bypass. An improper access control condition could allow an attacker to bypass a browser security feature over a network. The vulnerability involves a specific sequence: enabling Edge Split Screen mode, arranging a particular configuration, and running multiple pages to access tokens or manipulate script across expected security boundaries. The National Vulnerability Database (NVD) catalogues the CVE as resolved in build 140.0.3485.54. Organizations must update affected installations immediately using deployment tooling such as SCCM, Intune, WSUS, or enterprise packaging.

  • Confirm current build on endpoints via edge://settings/help or inventory tools.
  • Prioritize updating to 140.0.3485.54 or later through your standard patch management pipeline.
  • If patching is delayed, apply compensating controls: enable Enhanced Security Mode or browser isolation, tighten web-gateway rules, and monitor EDR/web logs for indicators of the attack pattern.

Deployment Guidance and Policy Summary

  • Scareware blocker: User toggle in Privacy → Security; Group Policy ScarewareBlockerProtectionEnabled and associated SmartScreen toggles exist in preview. Test before organization-wide enforcement.
  • HTTPS-first: HttpsOnlyMode policy enables/disables automatic upgrading. Validate exceptions for private subnets and legacy systems.
  • Tab Groups auto-save: Controlled via SyncTypesListDisabled policy and the openTabs data type. Ensure sync is configured appropriately.
  • Copilot/GPT-5 features: Server-routed and may require specific licensing; consult Copilot release notes and internal AI data handling policies.

Final Analysis: A Measured Security and Productivity Upgrade

Edge 140 is a significant release that strengthens the browser’s security posture with a local AI-driven scareware blocker—the headline improvement that, when properly tuned, will materially reduce successful tech support scams. HTTPS-first mode and the CVE fix round out a package focused on safer defaults. Productivity gains from auto-save Tab Groups and deeper Copilot integration make Edge more compelling for knowledge workers.

However, the release’s AI additions and telemetry options demand deliberate policy decisions. SmartScreen reporting accelerates global protection but involves data sharing; Copilot’s opaque model routing and potential for quota limits introduce governance challenges; and feature fragmentation across channels can confuse early coverage. IT teams should pilot the scareware blocker and HTTPS-first in controlled groups, audit telemetry and Copilot usage, and update endpoints promptly to incorporate the CVE fix. For individual users, the new features improve safety and convenience—provided you understand the privacy settings and manage the options to match your risk tolerance.

Quick Reference

  • Scareware blocker: Settings → Privacy, search and services → Security. Enable after pilot testing on representative endpoints.
  • HTTPS-first: Settings → Privacy, search and services → Security → “Automatically switch to more secure connections with Automatic HTTPS”. Admin policy: HttpsOnlyMode.
  • Tab Groups auto-save: Active in Edge 140; admin control via SyncTypesListDisabled + openTabs data type. Roadmap ID: 499430.
  • Update to 140.0.3485.54: Confirmed via edge://settings/help. Incorporates all security fixes.