Overview
- Edge removed the IE mode toolbar button, context menu option, and hamburger menu entries, requiring activation via Settings > Default browser and a defined site list.
- The change followed credible intelligence in August 2025 that attackers abused IE mode using social engineering and unpatched Chakra zero‑day vulnerabilities.
- Attackers directed targets to spoofed, official‑looking sites that used a flyout to prompt a reload in IE mode, then triggered remote code execution via the Chakra engine.
- A second exploit enabled a sandbox escape and full device control, with reported post‑exploitation actions including malware deployment, lateral movement, and data exfiltration.
- Microsoft withheld technical details, vulnerability identifiers, attribution, and scope, and said commercial users can continue using IE mode as configured through enterprise policies.