Edge 140 Release: Scareware Blocker, HTTPS-First, Tab Groups Auto-Save, GPT-5 Copilot

Microsoft Edge’s September update lands as a significant security-and-productivity release: Edge 140 (stable build 140.0.3485.54) ships a local AI-powered Scareware blocker, an HTTPS‑first upgrade path, automatic persistence for Tab Groups, expanded Copilot/GPT-5 integrations and media-creation tools, plus a patch for a Microsoft‑specific security bypass tracked as CVE‑2025‑53791. These additions tighten Edge’s safety posture while extending its AI-assisted features, but they also introduce new policy controls, privacy trade-offs and enterprise deployment considerations that administrators and power users should weigh carefully. (stealthpuppy.com) (learn.microsoft.com)

Background / Overview​

Microsoft Edge continues to evolve on a two-track path: follow Chromium’s security and platform updates while layering Microsoft‑specific features — especially AI and enterprise controls — on top. Version 140.0.3485.54 entered general availability in early September 2025 and is offered across Stable and Beta channels; the release bundles Chromium security patches and several Microsoft-curated features that address both end‑user safety and admin management. The security changelog for this build explicitly calls out the Edge‑specific CVE fix (CVE‑2025‑53791) and Chromium security updates included in the delivery. (stealthpuppy.com) (learn.microsoft.com)
At a high level, the release brings three user‑facing security enhancements:

• Scareware blocker — an on‑device, AI‑driven detector and interrupter for tech‑support and scareware pages.
• HTTPS‑first mode — an automatic upgrade path from HTTP to HTTPS for public sites, with warnings for sites that don’t support HTTPS.
• A Microsoft‑specific security patch (CVE‑2025‑53791) addressing an improper access control / feature bypass scenario.

It also introduces productivity and AI enhancements such as auto‑save for Tab Groups, deeper Copilot/GPT‑5 integration (Smart Mode), and in‑browser media generation via Bing (images via DALL‑E 3 and short video via Sora). These items expand Edge’s role from a browser to a hybrid browsing + assistant environment. (learn.microsoft.com, microsoft.com)

---

Scareware blocker — what it is and how it works​

What Microsoft is shipping​

Edge’s Scareware blocker is designed specifically to counter full‑screen browser scams and tech‑support frauds that attempt to frighten users into calling fake support numbers, providing credentials, or installing malware. The mechanism runs a local machine‑learning model that inspects page behavior and visual cues (forced full‑screen overlays, fake system dialogs, aggressive audio, keyboard/mouse hijacks) and then interrupts the page by exiting full‑screen, muting audio and showing a warning dialog with options to close the page, continue anyway, or report the site. Microsoft’s feature page describes the protection as local and focused on typical scareware patterns. (microsoft.com)

How users will see it​

When the scanner flags a page, Edge stops the scary behavior and surfaces a clear warning. In some preview builds and Canary testing flows, Edge has exposed additional toggles:

• Block entire sites detected as scams (site‑level blocking).
• Optionally share flagged URLs and a classification label with Microsoft Defender SmartScreen so the cloud reputation service can act on the signal.
  These two behaviors — local interruption plus optional global reporting to SmartScreen — were visible in preview/Canary flows and are reflected in community reporting and testing notes. Forum and early‑test commentary show Microsoft making these controls explicit so users can choose local blocking without enabling telemetry sharing, or vice versa.

Strengths of the approach​

• Immediate, real‑time defense: Local detection protects the user instantly, shortening the window for scams that propagate via malvertising or rapid domain changes.
• Privacy‑forward optioning: (stealthpuppy.com)s(learn.microsoft.com)the need to send full page content to cloud systems; when users opt not to share with SmartScreen, only local actions occur.
• Reasonable user controls: The dialog leaves the final decision to users (close/continue/report), which reduces risk of breaking benign full‑screen experiences while still interrupting likely scams.

Practical caveats and risks​

• False positives and UX friction: Any heuristic or ML detector may misclassify legitimate sites that use aggressive marketing overlays or full‑screen UIs. That can annoy users and increase helpdesk volume.
• Telemetry trade‑offs: Enabling the SmartScreen reporting path accele(stealthpuppy.com) (learn.microsoft.com) flagged URL classifications to Microsoft. Enterprises with strict telemetry policies will need to weigh networked protection benefits against data‑sharing policies.
• Performance and resource use: On‑device AI can consume CPU and memory. Microsoft’s documentation and community reports indicate the feature uses local models but doesn’t provide a full hardware requirements disclosure; administrators should test on targeted device classes.

How to enable or manage Scareware blocker​

• User UI: Settings → Privacy, search, and services → Security (there is a Scareware blocker area). Microsoft published a feature page describing options and frequently‑asked questions.
• Admin controls: E(learn.microsoft.com, microsoft.com)ty via Group Policy / ADMX and the Edge policy templates. Preview notes and community guidance reference a policy named ScarewareBlockerProtectionEnabled and related flags for SmartScreen sharing; admins should validate the exact policy string in the ADMX for their Edge channel before broad roll‑out.

What’s inconsistent in public coverage​

Some third‑party coverage and single‑source pieces claim the feature is off by default in some builds; Microsoft’s official feature documentation states the Scareware blocker is enabled by default for most users, while early reports from some sites and previews suggested toggles are off for some channels or hardware profiles. That discrepancy likely stems from staged rollouts, device‑class (microsoft.com)er flags; treat any “default” claim as conditional and verify on your own fleet. (microsoft.com)

---

HTTPS‑first mode — what’s new and why it matters​

The change​

Edge 140 brings an HTTPS‑first option that attempts to upgrade insecure HTTP connections to HTTPS automatically. If a site does not support HTTPS, Edge shows a clear warning indicating that the connection is insecure. Microsoft notes the feature applies to public sites (not private network addresses and not manually‑typed HTTP URLs), and administrators can enable or restrict it with the HttpsOnlyMode policy. This mirrors a capability Chrome shipped in 2023 and extends the platform’s push to encrypted connections by default. (learn.microsoft.com)

Strengths​

• Better default security: Automatically preferring HTTPS reduces passive eavesdropping and man‑in‑the‑middle exposure on public networks.
• Clear user guidance: The warning for sites that lack HTTPS educates users on risk rather than silently falling back.
• Policy control for IT: Enterprises that host internal HTTP services can exclude them from automatic upgrades or white‑list local endpoints.

Caveats​

• Compatibility problems for legacy sites: Some older public websites may not gracefully support HTTPS redirects or may rely on mixed content; warnings could disrupt workflows.
• Not automatic for private/local resources: Microsoft’s exclusion of private network and manually entered HTTP URLs reduces risk of breaking internal sites — but prevents the feature from catching locally misconfigured services.

Administrators should pilot HTTPS‑first mode in safe groups and use the HttpsOnlyMode policy to tune rollout. (learn.microsoft.com)

---

Tab Groups: auto‑save, sync policy and real‑world impact​

What changed​

After years of users requesting persistence for grouped tabs, Edge 140 adds automatic Tab Group saving so organized groups survive browser restarts and can be revisited without manual steps. Microsoft’s roadmap entry for “Tab Groups – Auto‑Save and Easy Revisit” and multiple release notes indicate the feature is controlled via the sync policy surface — specifically administrators can toggle the “openTabs” data type using the SyncTypesListDisabled policy. This makes tab groups both more persistent and manageable in enterprise environments. (app.cloudscout.one) (windowscentral.com)

Why it matters​

• Real productivity boost: Users who rely on complex, topic‑based tab clusters get frictionless resumption across sessions.
• Reduced reliance on Collections or third‑party tools: Previously, users had to send tabs to Collections or use session manager extensions; auto‑save reduces those workarounds.
• Administrative controls: Organizations can limit or enable tab syncing according to privacy and storage policies.

Caveats and operational notes​

• Users historically saw inconsistent persistence across windows; Edge’s new implementation appears to focus on preserving groups that were explicitly organized, but certain closing/resume edge cases (e.g., closing windows out of order) may still produce unexpected results. Test in your environment before relying on it as a strict session management tool.
• Sync behavior is controlled by the user’s signed‑in profile and by device policies; cross‑device restoration depends on sync being enabled. (microsoft.com) (m365admin.handsontek.net)

---

Copilot, GPT‑5, and content creation primitives​

Copilot Smart Mode (GPT‑5) in Edge​

Microsoft has been rolling GPT‑5 into Copilot surfaces, and Edge’s Copilot mode now exposes a Smart (GPT‑5) option in some builds. Smart Mode is a server‑routed capability that selects an appropriate model variant (fast vs. deep‑reasoning) based on the task; Edge uses the Copilot integration to provide answers, summarizations and actions directly in the browser. Multiple outlets and Microsoft’s Copilot release notes describe Smart Mode’s rollout and how it is being surfaced in Edge’s Copilot UI. Early A/B testing is visible in Canary and Dev builds and may not be available to all users immediately. (microsoft.com, theverge.com)

Media generation: DALL‑E 3 and Sora (Bing Image/Video Creator)​

Edge 140 surfaces media creation features tied to Bing:

• Image creation from the address bar using DALL‑E 3 (Bing Image Creator).
• Video creation via Bing Video Creator, which Microsoft has described as using Sora‑based generation on short prompts. These features are integrated into the browsing flow and aim to reduce friction for rapid content prototyping. (learn.microsoft.com)

Podcasts with Copilot​

Microsoft announced Copilot‑generated podcast capabilities in its Copilot roadmap: users can generate a topic‑based, interactive podcast that they can listen to and query interactively. This feature has appeared in Copilot release notes and coverage in mainstream outlets; rollout timelines are staged. (windowscentral.com)

Privacy, quota and enterprise considerations​

• Server‑side routing and quotas: Because Smart Mode and media tools route to cloud models, usage may be subject to quotas, throttles and telemetry. Admins should examine Copilot and Bing service agreements before enabling broad access.
• Data control: Copilot features may access page content and context; enterprises with sensitive data must use policy controls where available and educate users on safe usage patterns. Early reporting suggests model routing can be opaque — users won’t always know which internal or external model handled a request. (windowsreport.com, windowscentral.com)

---

RTX Video Super Resolution and media enhancement changes​

Edge’s long‑running Video Super Resolution (VSR) capability uses machine learning to upscale streaming videos. Historically, VSR supported GPU‑driven enhancements such as NVIDIA’s RTX Video Super Resolution (VSR). Community reports and Microsoft support discussions show that in mid‑2025 builds the internal “Microsoft Super Resolution” pipeline changed behavior and some UI toggles for selecting the enhancement method were removed or hidden; several users found a workaround by toggling the experimental flag edge://flags/#edge-video-super-resolution to restore NVIDIA‑driven enhancement behavior. Microsoft’s own VSR blog post explains the feature’s hardware constraints and the UI flow for toggling enhancement. If you depend on NVIDIA RTX VSR, verify how the toggle behaves in your channel and use the NVIDIA driver controls as a fallback. (blogs.windows.com, techcommunity.microsoft.com)

---

The security patch: CVE‑2025‑53791 — what admins need to know​

Microsoft lists CVE‑2025‑53791 as a Microsoft‑specific security feature bypass in Edge that could allow an attacker to bypass a browser security feature over a network. Microsoft’s Edge security release notes for September 5, 2025, include this CVE and mark it as fixed in the 140.0.3485.54 build; the National Vulnerability Database (NVD) also catalogues the CVE. The vulnerability description points to an improper access control condition in which a specific sequence of actions — enabling Edge Split Screen mode, arranging a particular configuration, and running multiple pages — could let an attacker access tokens or manipulate script in a way that crosses expected security boundaries. Organizations should update affected Edge installations to the fixed build and ensure devices check for the updated Edge revision via deployment tooling (SCCM, Intune, WSUS, or enterprise packaging). (learn.microsoft.com, nvd.nist.gov)
Action checklist for admins:

• Confirm current Edge build on endpoints: edge://settings/help or inventory tools.
• Prioritize updating clients to 140.0.3485.54 or later using your standard patch management pipeline.
• If immediate patching is delayed, apply compensating controls: restrict risky browsing (Enhanced Security Mode / browser isolation), tighten web‑gateway rules, and monitor EDR/web logs for indicators of the attack pattern described in vendor guidance. (learn.microsoft.com)

---

Deployment guidance and policy settings (summary)​

• Scareware blocker: user toggle in Privacy → Security; ADMX/Group Policy ScarewareBlockerProtectionEnabled and related SmartScreen reporting toggles exist in preview; test policy behavior before organization‑wide enforcement. (microsoft.com)
• HTTPS‑first: HttpsOnlyMode policy available to enable/disable automatic HTTPS upgrading. Validate exceptions for private subnets and legacy systems. (learn.microsoft.com)
• Tab Groups auto‑save: control with SyncTypesListDisabled policy and the “openTabs” data type; ensure that sync is configured for the intended user base. (app.cloudscout.one)
• Copilot/GPT‑5 features: these are server‑routed and may require specific licensing and service availability; consult Copilot release notes and internal policy for AI data handling. (microsoft.com)

---

Strengths, risks and final judgment​

Notable strengths​

• Proactive, layered protection: Scareware blocker addresses a classic and persistent social‑engineering vector at the browser layer, adding local, immediate defense that complements Defender SmartScreen reputation checks.
• Practical encryption defaulting: HTTPS‑first nudges the web toward safer defaults and is a straightforward way to reduce exposure on public networks.
• Productivity gains: Auto‑save Tab Groups and Copilot integrations make Edge more valuable for knowledge‑workers who rely on persistent contexts and AI helpers.

Potential risks and operational pain points​

• Privacy vs speed trade‑offs: SmartScreen reporting accelerates global protection but requires sending classification signals. Enterprises with strict telemetry policies will need to choose controls carefully.
• Feature fragmentation across channels: Canary/Dev/Stable differences and A/B server flags mean admins must test features across representative devices; documentation and default states have differed in places, producing confusion in early coverage. (Microsoft’s page and some third‑party writeups disagree on default toggles for Scareware blocker in certain environments.) (microsoft.com)
• Opaque AI routing and quotas: Copilot Smart Mode’s server routing is powerful but can be opaque for quota and data‑use auditing; organizations should consider governance controls.

Bottom line​

Edge 140 is an important release that strengthens both security and productivity for Windows users. The Scareware blocker is the headline security improvement and — when tuned and managed correctly — will materially reduce successful tech support scams. The HTTPS‑first mode and the CVE fix round out a release focused on safer defaults. However, the release’s AI additions and telemetry options require deliberate policy decisions from IT teams: deploy widely after pilot testing, audit telemetry and Copilot usage, and update endpoints promptly to incorporate the CVE fix.

---

Quick reference — where to find things now​

• Scareware blocker: Settings → Privacy, search and services → Security. Consider enabling only after pilot testing on representative endpoints. (microsoft.com)
• HTTPS‑first: Settings → Privacy, search and services → Security → “Automatically switch to more secure connections with Automatic HTTPS”. Admin policy: HttpsOnlyMode. (learn.microsoft.com)
• Tab Groups auto‑save: feature active in Edge 140; admin control via SyncTypesListDisabled + “openTabs” data type. Roadmap/ID: 499430. (app.cloudscout.one, m365admin.handsontek.net)
• Edge version and security notes: Update to 140.0.3485.54 for the Microsoft‑fixed CVE and Chromium patches. Confirm via edge://settings/help and your enterprise patching tool. (learn.microsoft.com, stealthpuppy.com)

---

Microsoft Edge 140 brings pragmatic security upgrades alongside productivity and AI enhancements. For IT teams, the release is a measured opportunity: adopt the fixed build quickly for security, pilot Scareware blocker and HTTPS‑first in controlled groups, and align Copilot/media features with governance policies before a broad rollout. For individual users, the headline features improve safety and convenience — provided you understand the privacy settings and manage the new options to match your risk tolerance.

---

Source: gHacks Technology News Microsoft Edge 140 brings Scareware blocker, HTTPS-first mode, auto save for Tab Groups - gHacks Tech News