Nope. The started with the IE 11 source code and ripped a whole load of stuff dealing with compatibility, and previous rendering engines, out. Once they had completed this step they started adding new features in, but it's still got the legacy of Internet Explorer code in it.
I still don't understand how this myth that they wrote Edge from scratch even came to be.
You don't just quickly write a browser from scratch in this day and age. And if you did, it would be so much better than Edge or the other contemporary browsers, because you could start out with a much better architecture...
> I still don't understand how this myth that they wrote Edge from scratch even came to be.
Because people confuse Microsoft marketing fluff with reality?
"Microsoft Edge is built from the ground up to improve productivity, to be more secure, and to correctly, quickly and reliably render Web pages. While Microsoft Edge is the default browser for Windows 10 and is the best fit for most users, some enterprise customers have line-of-business applications built specifically for older Web technologies, which require Internet Explorer 11." [0]
"We designed Microsoft Edge from the ground up to prioritize power efficiency and deliver more battery life" [1]
"Microsoft Edge is designed from the ground up to provide a modern, interoperable, and secure browsing experience"[2]
People buying into slightly disingenuous marketing. MS described Edge as "build from the ground up" leading people to believe that everything was new, whereas you can build from the ground up but still use parts culled from other older projects.
Marketing: it is all fun and games until you validate the claims.
> And if you did, it would be so much better than Edge or the other contemporary browsers, because you could start out with a much better architecture...
New isn't always better. It's not as if no one on the Chrome/Firefox/IE teams are working on the architecture of the existing browsers. If you had the resources to build a new browser from scratch, you probably would not end up with something better than the existing browsers.
Edge just passes links it can't handle to its default handler, like it should[1]. So a link to \\server1\share\file.docx will be sent to Explorer which will try to auth using cached credentials. The attacker can sniff out the NTLM exchange and put the hashed password into a cracker. If your password is weak, then it'll be cracked. Voila! He has your MS username/password.
The larger issue is the lack of 2fa by default. I think these kinds of attacks are symptoms of a larger problem that a lot of hosted services have been ignoring.
[1] There's probably a good argument that Edge should ignore network links like these, but I imagine businesses would be upset if suddenly no one can browse the intranet or open html/jpg/gif items on a share.