Microsoft Limits IE Mode in Edge After Chakra Zero-Day Activity Detected

Microsoft restricted access to Edge’s IE Mode in August 2025 after hackers used a Chakra zero-day flaw to bypass security and take over user devices. Check out the new steps for enabling IE Mode.

HackRead

Microsoft has quickly changed a feature in its Edge web browser after getting “credible reports” in August 2025 that threat actors were using it to break into users’ devices. The feature, called Internet Explorer (IE) mode, allowed users to open older websites that depend on legacy components like ActiveX, which remain part of certain enterprise or government workflows. However, this compatibility came with a security risk.

**The Exploit Explained**

IE mode works by temporarily switching to the older Internet Explorer environment, which does not have the strong security features of the modern, Chromium-based Edge browser. Hackers noticed this weakness. The Edge security team found that attackers were combining social engineering with 0-day flaws in Chakra, Internet Explorer’s JavaScript engine.

The attack involved tricking a victim into visiting a fake, official-looking website. Then, a message would appear, asking the user to reload the page in IE mode. Once the user did this, the hackers could use the Chakra flaw to take control of the browser, and then use a second flaw to “gain full control of the victim’s device,” according to the Microsoft Browser Vulnerability Research team.

This activity is particularly concerning because it effectively bypasses modern defences built into Edge, letting threat actors escape the browser and perform various actions like malware deployment, moving within corporate networks (lateral movement), and data exfiltration (stealing sensitive data).

**Microsoft’s Quick Fix**

With clear proof that this was happening, Microsoft’s Edge team proactively removed the easy ways to switch to IE mode. This includes taking away the dedicated button on the toolbar and the options in the main menus. However, Microsoft did not disclose any details regarding the nature of the vulnerabilities, the identity of the threat actor, or the scale of the efforts.

Now, for non-commercial users who still need to use older websites, activating IE mode requires a more deliberate process. Users must now go into the Edge settings and specifically allow certain websites to be reloaded in IE mode.

Here are the steps: Navigate to Settings > Default Browser, then set the ‘Allow sites to be reloaded in Internet Explorer mode’ option to Allow. Finally, add the required website to the list of Internet Explorer mode pages, and reload the site.

David Matalon, CEO at Venn, a New York City–based provider of BYOD security technology, explained that backward compatibility features such as IE mode can unintentionally expand an organization’s attack surface. “Even in modern browsers, these legacy modes bypass security protections, putting all users, both remote and on-site, at risk,” he said.

He added that shrinking the attack surface requires disabling or tightly controlling IE mode, educating employees about social engineering, and making sure endpoint protections are actively monitoring for suspicious activity.

“The reality is that in today’s distributed, BYOD-heavy workforces, data often lives outside traditional perimeters,” Matalon continued. “A layered approach that combines timely patching, endpoint controls, data isolation, and least-privilege access is critical to limiting the blast radius when vulnerabilities inevitably emerge,” he said.
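
On managed Windows devices, the "reload in IE mode" setting described in the steps above, and the advice to disable or tightly control IE mode, map to Microsoft Edge policies stored in the registry. The following read-only audit is an added example, not code from the article or from Microsoft; it assumes the standard Edge policy key under `SOFTWARE\Policies\Microsoft\Edge` and reports only what is set by policy, not a user's own choice in Settings.

```powershell
# Added example: report Edge IE mode policy values on a Windows endpoint.
# Read-only. Policy names are Microsoft Edge policies, not taken from the article.
$EdgePolicyKey = 'SOFTWARE\Policies\Microsoft\Edge'
$PolicyNames = @(
    'InternetExplorerIntegrationLevel',                  # 0 = none, 1 = IE mode, 2 = open in IE11
    'InternetExplorerIntegrationReloadInIEModeAllowed',  # 1 = users may reload unconfigured sites in IE mode
    'InternetExplorerIntegrationSiteList'                # location of the Enterprise Mode site list
)

function Get-IEModeFinding {
    param([string]$Name, $Value)
    if ($null -eq $Value) { return 'Not set by policy' }
    switch ($Name) {
        'InternetExplorerIntegrationLevel' {
            if ($Value -eq 0) { 'IE mode turned off by policy' }
            else { 'IE mode turned on by policy: confirm it is still needed' }
        }
        'InternetExplorerIntegrationReloadInIEModeAllowed' {
            if ($Value -eq 1) { 'Users may reload any site in IE mode: review' }
            else { 'Users cannot reload unconfigured sites in IE mode' }
        }
        'InternetExplorerIntegrationSiteList' { 'Site list configured: review its entries' }
    }
}

function Get-EdgeIEModePolicy {
    # Check both machine-wide and per-user policy locations.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $path  = Join-Path $hive $EdgePolicyKey
        $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        foreach ($name in $PolicyNames) {
            $value = $null
            if ($props -and $props.PSObject.Properties[$name]) { $value = $props.$name }
            [pscustomobject]@{
                Hive    = $hive
                Policy  = $name
                Value   = $value
                Finding = (Get-IEModeFinding -Name $name -Value $value)
            }
        }
    }
}

Get-EdgeIEModePolicy | Format-Table -AutoSize
```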
