Microsoft’s Edge browser reportedly allowed Facebook to “run Adobe Flash code behind users’ backs.”

According to ZDNet, the browser “contains a secret whitelist that lets Facebook run Adobe Flash code behind users’ backs,” and “allows Facebook Flash content to bypass Edge security features such as the click-to-play policy that normally prevents websites from running Flash code without user approval beforehand.”

“Prior to February 2019, the secret Flash whitelist contained 58 entries, including domains and subdomains for Microsoft’s main site, the MSN portal, music streaming service Deezer, Yahoo, and Chinese social network QQ,” ZDNet reported, adding that Microsoft eventually “trimmed down the list to two Facebook domains earlier this month after a Google security researcher discovered several security flaws in Edge’s secret Flash whitelist mechanism.”

StatCounter Global Stats claims Edge is the eighth most popular browser, behind Google Chrome, Apple’s Safari, Mozilla Firefox, UC Browser, Opera, Internet Explorer, and Samsung Internet, with just 2.15 percent of the market share.

In 2016, Microsoft attempted to get more users for Edge by creating Windows 10 popups which claimed Edge was safer than the browser they were currently using.

Microsoft’s Edge Mobile browser also includes the neoconservative-backed anti-“fake news” app NewsGuard by default, only requiring activation.