Release notes for Microsoft Edge Stable Channel

These release notes provide information about new features and non-security updates that are included in the Microsoft Edge Stable Channel.

To understand Microsoft Edge channels, see the Overview of the Microsoft Edge channels.

Note

For the Stable Channel, updates will roll out progressively over one or more days. To learn more, see Progressive rollouts for Microsoft Edge updates.

Microsoft Edge Web Platform constantly evolves to improve user experience, security, and privacy. To learn more, see Site compatibility-impacting changes coming to Microsoft Edge.

Version 131.0.2903.86: December 5, 2024

Fixed various bugs and performance issues.

Stable channel security updates are listed here.

Version 130.0.2849.108: December 5, 2024

Fixed various bugs and performance issues for Extended Stable channel.

Version 131.0.2903.70: November 25, 2024

Fixed various bugs and performance issues.

Fixes

  • Fixed an issue on Windows that caused rendering issues and missing text when viewing certain PDF files containing Japanese fonts.

Version 131.0.2903.63: November 21, 2024

Fixed various bugs and performance issues.

Stable channel security updates are listed here.

Fixes

  • Fixed an issue which prevented the "Delete browsing data" dialog window from closing after clicking the "Clear now" button.

Version 131.0.2903.51: November 15, 2024

Fixed various bugs and performance issues.

Version 130.0.2849.99: November 14, 2024

Fixed various bugs and performance issues for Extended Stable release.

Version 131.0.2903.48: November 14, 2024

Fixed various bugs and performance issues, Dev channel updates, feature updates, policy updates, and site compatibility impacting changes.

Stable channel security updates are listed here.

Announcement

Microsoft Edge WebView2 Runtime will no longer appear in the Installed Apps list in Windows Settings because it is a persistent system component.

Dev Channel updates

The following Dev channel updates preceded this Stable channel release. The following Dev notes provide detailed information about the changes in each release.

Feature updates

  • Cancel dialog for beforeunload event. Microsoft Edge changed the behavior of the cancel dialog for the beforeunload event. Calling event.preventDefault in a beforeunload event handler won't prevent the dialog from being shown. Instead, event.returnValue = '' needs to be called in the beforeunload event handler to prevent the cancel dialog. The BeforeunloadEventCancelByPreventDefaultEnabled policy is obsolete and no longer works after Microsoft Edge version 130.

  • Changes to Kyber. The Kyber algorithm was standardized with minor technical changes and renamed to the Module Lattice Key Encapsulation Mechanism (ML-KEM). ML-KEM is implemented in the BoringSSL cryptography library, which allows for it to be deployed and utilized by services that depend on this library.

    The changes to the final version of ML-KEM make it incompatible with the previously deployed version of Kyber. Due to this incompatibility the following changes in Microsoft Edge will be made:

    • Edge switches from supporting Kyber to ML-KEM.
    • Edge offers a key share prediction for hybrid ML-KEM (codepoint 0x11EC).
    • The PostQuantumKeyAgreementEnabled flag and the PostQuantumKeyAgreementEnabled policy applies to Kyber and ML-KEM. Note: The PostQuantumKeyAgreementEnabled policy is scheduled for removal in Edge version 141.
    • Edge will no longer support hybrid Kyber (codepoint 0x6399).
  • New sidebar policy. The EdgeSidebarAppUrlHostAllowList policy allows admins to define a list of sites, based on URL patterns, that are not subject to the EdgeSidebarAppUrlHostBlockList. When the policy is configured, the apps listed in the allow list can be opened in sidebar even if they are listed in the block list. For more information, see Manage the sidebar in Microsoft Edge.

Policy updates

New policies

Deprecated policies

Obsoleted policies

Site compatibility impacting changes

Note

Portions of this release note are modifications based on work created and shared by Chromium.org and used according to terms described in the Creative Commons Attribution 4.0 International License.

  • CSS Anchor Positioning: anchor-scope. The anchor-scope property allows limiting the visibility of anchor names to a given subtree.

  • CSS font-variant-emoji. The font-variant-emoji CSS property provides a way to control between colored (emoji-style) and monochromatic (text-style) emoji glyphs. This method can be also done by adding an emoji Variation Selector, specifically U+FE0E for text and U+FE0F for emoji, after each emoji codepoint.

  • CSS highlight inheritance. With CSS highlight inheritance, the CSS highlight pseudo-classes, such as ::selection and ::highlight, inherit their properties through the pseudo highlight chain, rather than the element chain. The result is a more intuitive model for inheritance of properties in highlights.

  • Improvements to styling structure of <details> and <summary> elements. Support more CSS styling for the structure of <details> and <summary> elements to allow these elements to be used in more cases where disclosure widgets or accordion widgets are built on the web. In particular, this change removes restrictions that prevented setting the display property on these elements, and adds a ::details-content pseudo-element to style the container for the part that expands and collapses.

  • @page margin boxes. Add support for page margin boxes, when printing a web document, or exporting it as PDF.

    The @page margin boxes let you define the contents in the margin area of a page, for example to provide custom headers and footers, rather than using the built-in headers and footers generated by the browser.

    A margin box is defined using an at-rule inside a CSS @page rule. The appearance and the contents of a margin box are specified with CSS properties inside the @page rule, including the content property. Counters are also supported, for page numbering. The specification defines two special counter names: page for the current page number and pages for the total number of pages.

  • @property support <string> syntax. Support for <string> syntax component name for registered custom properties.

  • Support currentcolor in relative color syntax. Allow relative colors in CSS (using the from keyword) to use currentcolor as a base. This support lets you set complementary colors, based on an element's text color, for that element's borders, shadows, or backgrounds.

    This feature also includes use cases where color functions are nested with a dependency on currentcolor, for example: color-mix (in srgb, rgb(from currentcolor r g b), white)) or rgb(from rgb(from currentcolor 1 g b) b g r).

  • Support external SVG resources for clip-path, fill, stroke, and marker-* properties. This feature adds support for external references for clip paths, markers, and paint servers (for the fill and stroke properties). For example, clip-path: url("resources.svg#myPath").

  • Direct Sockets API. Allows Isolated Web Apps to establish direct transmission control protocol (TCP) and user datagram protocol (UDP) communications with network devices and systems as well as listen to and accept incoming connections.

  • Exempt Speculation-Rules header from CSP restrictions. Updates the integration between speculation rules and CSP so that CSP only applies to <script type=speculationrules>, and not to the Speculation-Rules header. CSP's script policies are meant to protect against injection of scripts into HTML, and the CSP threat model doesn't relate to HTTP headers. This approach allows easier deployment of speculation rules from CDNs and other edge servers.

  • FedCM as a trust signal for the Storage Access API. Reconciles the FedCM and Storage Access APIs by making a prior FedCM grant a valid reason to automatically approve a storage access request.

    When a user grants permission to use their identity with a third-party identity provider (IdP) on a relying party (RP), many IdPs require third-party cookies to function correctly and securely. This proposal aims to satisfy that requirement in a private and secure manner by updating the Storage Access API (SAA) permission checks to not only accept the permission grant given by a storage access prompt, but also the permission grant given by a FedCM prompt.

    A key property of this mechanism is limiting the grant to cases explicitly allowed by the RP with the FedCM permissions policy, enforcing a per-frame control for the RP and preventing passive surveillance by the IdP beyond the capabilities that FedCM already grants.

  • COOP value noopener-allow-popups. Some origins can contain different applications with different levels of security requirements. In those cases, it can be beneficial to prevent scripts running in one application from being able to open and script pages of another same-origin application.

    In such cases, it can be beneficial for a document to ensure its opener can't script it, even if the opener document is a same-origin one. The noopener-allow-popups Cross-Origin-Opener-Policy value lets documents define that behavior.

  • Select parser relaxation. This change makes the HTML parser allow more tags in <select> besides <option>, <optgroup>, and <hr>.

    This change is in support of the customizable <select> feature but is being shipped first because it can be done separately and has some compat risk.

  • WebGPU: Clip distances. Adds the optional GPU feature clip-distances that allows setting user-defined clip distances in vertex shader outputs. This technique is useful for the applications that need to clip all vertices in a scene that are beyond a user-defined plane, such as many CAD applications.

  • WebGPU: GPUCanvasContext getConfiguration(). Once GPUCanvasContext configure() is called with a configuration dictionary, the GPUCanvasContext getConfiguration() method can be used to check the canvas context configuration. It includes GPU device, format, usage, viewFormats, colorSpace, toneMapping, and alphaMode members. As discussed in issue 4828, web apps can use it to detect whether HDR canvas is supported in WebGPU.

  • WebHID on dedicated workers. Enables WebHID inside dedicated worker contexts. This lets the performance of heavy I/O and processing of data from a HID device on a separate thread, helping to reduce the performance impact on the main thread.

  • WebRTC RTCRtpEncodingParameters.scaleResolutionDownTo. An API that configures WebRTC encoders to scale input frames if they're greater than the specified maxWidth and maxHeight. This API is similar to scaleResolutionDownBy except that resolution constraints are expressed in absolute terms (for example, 640x360) as opposed to relative terms (for example, scale down by 2), avoiding race conditions related to changing input frame size on the fly.

  • Remove the CSS Anchor Positioning property inset-area. With the CSS Working Group resolution on renaming the inset-area property to position-area, this removal cleans up the implementation for a standards compliant feature.

  • Remove non-standard GPUAdapter requestAdapterInfo() method. The WebGPU Working Group decided it was impractical for requestAdapterInfo() to trigger a permission prompt so they removed that option and replaced it with the GPUAdapter info attribute so that web developers can get the same GPUAdapterInfo value synchronously.

Version 130.0.2849.80: November 7, 2024

Fixed various bugs and performance issues.

Stable channel security updates are listed here.

Version 130.0.2849.68: October 31, 2024

Fixed various bugs and performance issues, improved reliability.

Stable channel security updates are listed here.

Improved reliability

  • Fixed a renderer crash (STATUS_BREAKPOINT) that occurred when using some sites with web contents accessibility enabled.

Version 130.0.2849.56: October 24, 2024

Fixed various bugs and performance issues.

Stable channel security updates are listed here.

Fixes

  • Fixed an issue which prevented some browser extensions using the chrome.storage.managed API from functioning correctly.

Version 130.0.2849.52: October 22, 2024

Fixed various bugs and performance issues, improved reliability.

Improved reliability

  • Fixed a browser crash that occurred on startup in On-premises environments when creating a new Microsoft Edge profile.

Version 130.0.2849.46: October 17, 2024

Fixed various bugs and performance issues, Dev channel updates, announcements, feature updates, site compatibility impacting changes, and policy updates.

Note

Portions of this release note are modifications based on work created and shared by Chromium.org and used according to terms described in the Creative Commons Attribution 4.0 International License.

Stable channel security updates are listed here.

Dev Channel updates

The following Dev channel updates preceded this Stable channel release. The following Dev notes provide detailed information about the changes in each release.

Fixes

  • Fixed an issue that prevented the briefcase icon from appearing on the edge://settings/sidebar page when Edge Bar was disabled using the StandaloneHubsSidebarEnabled policy.

  • Fixed an issue that caused rendering issues on some SharePoint sites.

  • Fixed an issue where a "Can't update Microsoft Edge" dialog was mistakenly shown for managed Windows devices.

Announcements

  • Live Captions. The LiveCaptionsAllowed policy was available since Microsoft Edge version 103 but this feature isn't generally available. Clients that have the ExperimentationAndConfigurationServiceControl policy set to 'FullMode' might receive the feature before broad availability. Broad availability will be announced via Microsoft Edge release notes.

  • Cancel dialog for beforeunload event. Microsoft Edge is changing the behavior of the cancel dialog for the beforeunload event in Microsoft Edge version 131. Starting in version 131, calling event.preventDefault in a beforeunload event handler won't prevent the dialog from being shown. Instead, event.returnValue = '' needs to be called in the beforeunload event handler to prevent the cancel dialog. The BeforeunloadEventCancelByPreventDefaultEnabled policy is being obsoleted and will no longer work after Microsoft Edge version 130.

Feature updates

  • Token Binding. Token Binding uses cryptographic certificates on both ends of the TLS connection in an attempt to close the security gap of bearer tokens, which might be lost or stolen. Token Binding is deprecated in Microsoft Edge version 130. Also, the AllowTokenBindingForUrls policy is now obsolete.

  • Copilot browser Context Policies. The EdgeEntraCopilotPageContext policy will be available starting from Microsoft Edge version 130 and will replace the CopilotCDPPageContext policy. The CopilotCDPPageContext policy is deprecated in Microsoft Edge version 130 and will be obsolete in Edge 133.

  • Elevating top settings and improving settings page navigability. To make finding browser settings more efficient, Microsoft Edge is introducing three navigation improvements to Edge Settings. We aren’t changing the functionality of any setting, and all the settings stay on the same page as they are today but are behind clickable sections. These changes are as follows.

    • Introduce quick access to the most used Settings actions on the first place users land when entering Edge Settings (the Profiles page). Clicking the button with the name of the setting navigates users directly to its location.

    • Make densely populated Settings pages (such as Privacy, search, and services, Appearance, Cookies and site permissions, System and performance) easier to navigate by introducing quick access to the most used actions located on that page. Clicking the button with the name of the setting takes users directly to its location.

    • For these densely populated pages, each lengthy section of settings will be a clickable "table of contents" with descriptive subtexts. This helps users locate settings directly and avoid unnecessary scrolling.

    Note: This feature is a controlled feature rollout. If you don't see this feature, check back as we continue our rollout.

  • Edge on macOS now seamlessly opens links in Teams. When Microsoft Edge is configured as the browser to open web links in Teams, then links in Teams chat will be opened through Edge, and Edge launches in the profile that matches with the authenticated profile, users can benefit from a seamless browsing experience that integrates their identity and user data across Microsoft apps. Administrators can control the availability of this feature using the "Choose Which Browser Opens Web Links" Microsoft 365 policy. Note: This feature is a controlled feature rollout. If you don't see this feature, check back as we continue our rollout.

Site compatibility impacting changes

  • Compression dictionary transport with shared Brotli and shared Zstandard. This feature adds support for using designated previous responses, as an external dictionary for content encoding compressing responses with Brotli or Zstandard.

    Enterprises might experience potential compatibility issues with enterprise network infrastructure that intercepts HTTPS traffic and is sensitive to unknown content encodings. The CompressionDictionaryTransportEnabled policy is available to turn off the compression dictionary transport feature.

  • Keyboard focusable scroll containers. This feature improves accessibility by making scroll containers focusable using sequential focus navigation. Today, the tab key doesn't focus scrollers unless tabIndex is explicitly set to 0 or more.

    By making scrollers focusable by default, users without a mouse can now focus clipped content using tab and arrow keys. This behavior is enabled only if the scroller does not contain any keyboard-focusable children. This logic is necessary so there are no regressions for existing focusable elements that might exist within a scroller like a <textarea>.

    If more time is needed to adjust to this new feature, the KeyboardFocusableScrollersEnabled policy is available from Edge 128.

  • Support non-special scheme URLs. Non-special scheme URLs are now supported, for example, git://example.com/path. Previously, the URL parser didn't support non-special URLs. The parser parses non-special URLs as if they had an opaque path, which is not aligned with the URL standard. Now, the URL parser parses non-special URLs correctly, following the URL standard. For more details, see http://bit.ly/url-non-special.

Policy updates

New policies

Deprecated policies

  • CopilotCDPPageContext - Control Copilot with Commercial Data Protection access to page context for Microsoft Entra ID profiles (deprecated)

Obsoleted policies

  • AllowTokenBindingForUrls - Configure the list of sites for which Microsoft Edge will attempt to establish a Token Binding with (obsolete)

Version 129.0.2792.89: October 10, 2024

Fixed various bugs and performance issues.

Stable channel security updates are listed here.

Version 128.0.2739.113: October 10, 2024

Fixed various bugs and performance issues for Extended Stable channel.

Stable channel security updates are listed here.

Version 129.0.2792.79: October 3, 2024

Fixed various bugs and performance issues.

Stable channel security updates are listed here.

Version 128.0.2739.107: October 3, 2024

Fixed various bugs and performance issues for Extended Stable channel.

Stable channel security updates are listed here.

Version 128.0.2739.97: September 26, 2024

Fixed various bugs and performance issues for Extended Stable channel.

Stable channel security updates are listed here.

Version 129.0.2792.65: September 26, 2024

Fixed various bugs and performance issues, and feature updates.

Stable channel security updates are listed here.

Feature updates

  • Microsoft Edge sidebar updates. For inactive sidebar users and new Edge users, the sidebar is turned OFF. Users can always return to Settings > Sidebar and turn the sidebar ON again at any time. For active sidebar users, the current sidebar state stays the same.

    Administrators can control the availability of the sidebar using the HubsSidebarEnabled policy.

Version 128.0.2739.90: September 19, 2024

Fixed various bugs and performance issues Extended Stable channel.

Stable channel security updates are listed here.

Version 129.0.2792.52: September 19, 2024

Fixed various bugs and performance issues, feature updates, site impacting compatibility changes, and policy updates.

Stable channel security updates are listed here.

Note

Portions of this release note are modifications based on work created and shared by Chromium.org and used according to terms described in the Creative Commons Attribution 4.0 International License.

Dev Channel updates

The following Dev channel updates preceded this Stable channel release. The following Dev notes provide detailed information about the changes in each release.

Fixes

Feature updates

  • Update to Microsoft Edge supported operating systems. The minimum supported macOS version is increased to macOS 11. Users on older versions of macOS will no longer receive Microsoft Edge updates. For more information, see Microsoft Edge Supported Operating Systems.

  • Deprecation of the CryptoWallet feature. To improve end user experience, the CryptoWallet feature and the CryptoWalletEnabled policy is deprecated. The CryptoWalletEnabled policy will be obsolete in an upcoming release.

Site compatibility impacting changes

  • Deprecation of non-standard declarative shadow DOM serialization. The prototype implementation, which shipped in 2020 and then updated in 2023, contained a method called getInnerHTML() that could be used to serialize DOM trees containing shadow roots. That part of the prototype wasn't standardized with the rest of the declarative shadow DOM, and has only recently reached spec consensus (for details, see GitHub. As part of that consensus, the shape of the getInnerHTML API changed.

  • Deprecate the includeShadowRoots argument on DOMParser. The includeShadowRoots argument was a never-standardized argument to the DOMParser.parseFromString() function, which was there to allow imperative parsing of HTML content that contains declarative shadow DOM. This function was shipped as part of the initial shipment of declarative shadow DOM. Since the standards discussion rematerialized in 2023, the shape of DSD APIs changed, including this feature for imperative parsing.

    Now that a standardized version of this API, in the form of setHTMLUnsafe() and parseHTMLUnsafe() shipped, the non-standard includeShadowRoots argument needs to be deprecated and removed. All usage should shift accordingly:

    Instead of:

    (new DOMParser()).parseFromString(html,'text/html',{includeShadowRoots: true});

    This can be used instead:

    document.parseHTMLUnsafe(html);

  • Rename inset-area to position-area. The CSS working group (CSSWG) resolved to rename this property from inset-area to position-area. For more information, see the CSSWG discussion in GitHub.

    The old and new property names are supported for a few milestones, to help developers migrate to the new position-area name. We're shipping the new property name, position-area, as a synonym for inset-area.

    The inset-area property is currently planned for removal in Microsoft Edge version 131.

Policy updates

New policies

Deprecated policies

See also