Microsoft Edge 110 Incompatibility Crash with ESET Endpoint (Feb 12, 2023)

[secured2k 2]

After upgrading to Microsoft Edge 110, Edge will crash with Web Application filtering enabled. Issue did not happen with MS Edge 109. 

Environment is W11, 22H2 with January Updates. All VBS features enabled.

ESET Endpoint Security 10.0.2034. Also reported on the home version products.

 

I attached a debugger and found the crash appears with an ESET module, "eOppMonitor". This module appears to be associated with web filtering (Enable Application Protocol Content Filtering).

 

Possible options until it is fixed with an update:

• Turn off the filtering feature.
• Revert to Edge 109
• Enable web filtering (Including TLS) exceptions for affected applications like msedge.exe
• Enable Secure browser for all browser windows (this appears to load the browser in a VM and somehow avoids the crash).

 

Technical:

ExceptionAddress: 00007ff994a6f0f8 (msedge!prerender::NoStatePrefetchManager::StartPrefetchingWithPreconnectFallback+0x000000000000039c)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000001
   Parameter[1]: 000000000000001a
Attempt to write to address 000000000000001a

FAULTING_THREAD:  00002e2c

PROCESS_NAME:  msedge.exe

IMAGE_VERSION:  110.0.1587.41

IMAGE_NAME:  msedge.dll

FAILURE_BUCKET_ID:  NULL_CLASS_PTR_WRITE_c0000005_msedge.dll!prerender::NoStatePrefetchManager::StartPrefetchingWithPreconnectFallback

OS_VERSION:  10.0.22621.1

BUILDLAB_STR:  ni_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

SYMBOL_NAME:  msedge!prerender::NoStatePrefetchManager::StartPrefetchingWithPreconnectFallback+39c

MODULE_NAME: msedge

00000083`f2bfde60 00007ffa`3d617a4a     : 00000083`f2bfe048 00000083`f2bfe048 00000000`0000001c 80000000`00000020 : msedge!prerender::NoStatePrefetchManager::StartPrefetchingWithPreconnectFallback+0x39c
00000083`f2bfdfa0 00007ff9`982b512e     : 00000083`f2bfe140 00000000`00000001 00000083`f2bfe238 0000339c`0e5a94c0 : eOppMonitor+0x17a4a
00000083`f2bfe000 00007ff9`93b271f1     : 00000000`00000000 00007ff9`93b27165 00007ff9`9cf1c582 00007ff9`9d38165c : msedge!prerender::NoStatePrefetchManager::AddPrerenderForNtp+0x140
00000083`f2bfe210 00007ff9`936b4f3a     : 00000000`00000000 00000000`00000000 0000339c`08393bf0 00000449`bc10f6c0 : msedge!prerender::PrerenderNtpManager::AddPrerenderInternal+0x71
00000083`f2bfe260 00007ff9`924301ac     : aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa : msedge!IdleManager::NotifyIdleStateChanged+0x12a
00000083`f2bfe320 00007ff9`915a0477     : aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa : msedge!base::RepeatingTimer::RunUserTask+0x4c
00000083`f2bfe350 00007ff9`909a451e     : aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa : msedge!base::internal::DelayTimerBase::OnScheduledTaskInvoked+0x37
00000083`f2bfe390 00007ff9`909a1fe6     : 00000000`00000001 00000083`f230a000 00000000`00000001 00007ffa`59b578c8 : msedge!base::TaskAnnotator::RunTaskImpl+0x1ee
00000083`f2bfe4e0 00007ff9`909b67e7     : aaaaaaaa`aaaaaaaa 00005dec`00222b01 00005dec`00278500 00005dec`00278500 : msedge!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl+0x666
00000083`f2bfe7d0 00007ff9`92091792     : 00000083`f2bfebd8 0000006d`c2f2e8a7 0000c360`c58e64e3 00000000`00000001 : msedge!base::MessagePumpForUI::DoRunLoop+0x857
00000083`f2bfeb50 00007ff9`92a38020     : 00005dec`00238320 00000083`f2bfecf0 00000083`f2bfed98 00007ff9`912bb7e3 : msedge!base::MessagePumpWin::Run+0x82
00000083`f2bfebb0 00007ff9`9288bdd3     : 00000000`00000000 00000000`00000178 00000083`0000002f 0000c360`c58e63d3 : msedge!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run+0x100
00000083`f2bfec40 00007ff9`92736ae0     : 00000000`00000000 00000000`00000000 00000000`00000000 0000006d`c2f2e898 : msedge!base::RunLoop::Run+0x143
00000083`f2bfed70 00007ff9`927367b9     : 00000083`f2bfef20 00007ff9`929f9b40 0000339c`00034088 00000000`0000001c : msedge!content::BrowserMainLoop::RunMainMessageLoop+0x9a
00000083`f2bfede0 00007ff9`927360a9     : 00000000`00000000 00007ff9`9d399218 00000000`00000018 00000000`00000000 : msedge!content::BrowserMain+0xa4
00000083`f2bfee90 00007ff9`927355e8     : aaaaaaaa`aaaaaaaa 0000aaaa`aaaaaaaa 00007ff9`9c725790 00007ff6`00000001 : msedge!content::RunBrowserProcessMain+0xd2
00000083`f2bfef90 00007ff9`926e593a     : 00000083`f2bff140 00007ff9`926e422c 00000000`001e001c 0000027d`862473b0 : msedge!content::ContentMainRunnerImpl::RunBrowser+0x4be
00000083`f2bff0f0 00007ff9`926e4dd1     : 00005dec`00238320 0000c360`c58e7e63 aaaaaaaa`aaaaaaaa aaaaaaaa`aaaaaaaa : msedge!content::ContentMainRunnerImpl::Run+0x31a
00000083`f2bff230 00007ff9`926e3445     : 00007ff6`219c0000 00006ebc`0027c140 00000083`f2bff530 0000027d`86204d60 : msedge!content::ContentMain+0x21f
00000083`f2bff450 00007ff6`21a7f5c8     : 00007ff6`21cd05a0 00007ff9`926e31a0 00000000`21cd0500 00006ebc`002702a0 : msedge!ChromeMain+0x2a5
00000083`f2bff630 00007ff6`21a7c623     : 00000000`0027c100 aaaaaaaa`aaaaaaaa 00006ebc`0027c140 0000006d`c2e4ee52 : msedge_exe!MainDllLoader::Launch+0x392
00000083`f2bff8c0 00007ff6`21b3aee2     : 00000000`00000000 00007ff6`21b3af59 00000000`00000000 00000000`00000000 : msedge_exe!wWinMain+0x468
00000083`f2bffdc0 00007ffa`59cf26bd     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : msedge_exe!__scrt_common_main_seh+0x106
00000083`f2bffe00 00007ffa`5b08dfb8     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x1d
00000083`f2bffe30 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x28

 

[secured2k 2]

Further testing found the issue is something in the new update for Edge may be trying to query or access sites ESET considers a secure banking or payment site. ESET detects the attempt and tries to read the website that was opened in a tab, but since the website was not in a tab/address bar, no data is presented to the programs - which results in a crash. This also could be ESET trying to close the Edge browser window that needed to be redirected but also does not exist.

It looks like the product needs some improvement with compatibility with whatever Edge/Chromium is doing now as well as some additional validation (corrected coding/programming) to prevent redirection failure.

The current work around is to disable the Automatic Redirection if enabled under the Secure browser settings. See the image below from ESET Endpoint Security, under Web and Email, Secure Browser Settings. Note: The list is maintained by ESET so it may be possible for them to fix or disable the feature in an automatic module update (Secure Browser module, v1294, Jan 10, 2023).

 

[jatclake999 0]

Same issue today with Edge crashing. 

Followed the above solution and this has solved it. 

 

ESET need to advise when fix is available as running with redirection turned off

[Peter Randziak 928]

Hello guys,

The dev team is on it.

I can confirm that we see multiple reports of the issue, but the scenario does lead to crash in all cases.

I’m unable to reproduce it with MS Edge 110.0.1587.41 myself.

[Peter Randziak 928]

The dev team decided to disable Protected websites redirection feature for Chrome and MS Edge browsers, until the issue is resolved in order to prevent the browsers crashes.
The change will be distributed via an Rapid response module update (probably with version 21778).
After the automatic update, the Chrome and MS Edge won't crash anymore, but the Protected websites redirection feature will not work until we release the full fix.

Disabling the Protected websites redirection feature resolves the issue.

Another way to resolve the issue is to use the Secure all browsers option.
We apologize for the inconvenience caused by this issue.

[Peter Randziak 928]

The issue is fixed in the Banking & payment protection module 1296. As of now it is available on pre-release update channel, full release is expected during the next week if no issues will be reported.
The Protected websites redirection feature for Chrome and MS Edge browsers will be enabled back with the module update.

The browsers restart is required after the module update to apply the fix.

Peter on behalf of the teams involved

[dg1113 0]

Where can I find "Protected websites redirection feature" to disable? I cannot find it.

[Marcos 4,614]

1 hour ago, dg1113 said:

Where can I find "Protected websites redirection feature" to disable? I cannot find it.

This was done automatically for the affected version of Chrome and Edge. In general, redirection is disabled by default by enabling Secure all browsers: