Microsoft has drawn a definitive line in the sand for Windows 10’s remaining years of practical use, confirming that its Chromium-based Edge browser and the WebView2 Runtime will continue to receive updates on Windows 10, version 22H2, until at least October 2028. The commitment, quietly published in the Microsoft Edge Lifecycle Policy, means that PCs running the decade-old operating system can keep their primary web gateway patched and modern for three full years after the OS itself stops receiving free security fixes in October 2025 — and without requiring enrollment in the paid Extended Security Updates (ESU) program.

The Hard Facts from Microsoft’s Lifecycle Page

The policy language is unambiguous. “Microsoft Edge and the Microsoft WebView2 Runtime will continue to receive updates on Windows 10 22H2 until at least October 2028,” the document states, “coinciding with the end of the Extended Security Updates (ESU) program.” Crucially, it adds, “The ESU program won't be required for devices to continue receiving Microsoft Edge or WebView2 Runtime updates.”

Windows 10, version 22H2 is the final feature update for the OS. Mainstream support for Windows 10 ends on October 14, 2025, after which only devices enrolled in the ESU program (available to both enterprises and consumers, on different terms) will receive critical security patches for the operating system itself. The Edge and WebView2 update promise, however, extends coverage specifically to the browser and embedded web runtime, even on machines that never pay a cent for ESU.

Why a Three-Year Browser Lifeline Matters

Edge is not just another application on Windows. It is the default browser and, for many users, the main interface to the internet. A stale browser on an unsupported OS would be a hacker’s dream. By ensuring Edge receives the latest Chromium security fixes, Microsoft directly mitigates drive-by downloads, phishing protection gaps, and rendering engine exploits that could otherwise be used to compromise a Windows 10 PC.

WebView2, the runtime used by desktop applications to host modern web content, sits at the intersection of legacy Windows apps and the web. A patched WebView2 means that line-of-business applications, financial tools, and internal portals that embed WebView2 controls can continue to benefit from up-to-date web platform security and APIs. For enterprises clinging to Windows 10 for application compatibility, this removes one large vector of breakage.

The ESU Program: What It Covers and What It Doesn’t

Microsoft’s Extended Security Updates are a paid bridge for organizations and, for the first time, consumers who cannot migrate before October 2025. Here’s the breakdown:

  • Consumer ESU: Individuals can purchase a one-year extension of critical and important security updates. Details are available on Microsoft’s consumer ESU page. Enrollment is separate from the enterprise program and comes with its own end date. No ESU purchase is needed to keep receiving Edge updates.
  • Enterprise ESU: Organizations can buy up to three consecutive annual ESU licenses, all the way through October 2028. Pricing follows a per-device model that escalates each year. ESU covers OS-level vulnerabilities — kernel, drivers, system services — but Microsoft’s policy explicitly excludes Edge and WebView2 from the requirement: those updates are coming regardless.

The key takeaway: Edge and WebView2 are decoupled from the OS servicing stack. Even if you never touch ESU, your browser will stay current until at least late 2028. The operating system will not, unless you pay.

What This Means for Consumers

For the millions of home users still on Windows 10, the news offers a partial reprieve. You can safely continue using Edge for online banking, email, and browsing through 2028, benefiting from the same Chromium engine updates that Windows 11 users get. The practical risk of using an unsupported OS drops considerably when your main internet portal is always locked down.

But that doesn’t make the entire PC safe. Ransomware that exploits a kernel bug, a vulnerable driver, or an unpatched system service can still wreck a machine, no matter how fresh Edge is. Consumers should still consider migrating to Windows 11 or enrolling in consumer ESU if they must stay on Windows 10. And hardware matters: new peripherals and drivers are unlikely to be released for an OS that is out of support, so printers, cameras, and graphics cards may eventually stop working correctly.

Enterprise Impact: Breathing Room with Guardrails

IT departments gain something rare: time. The browser is often the hardest component to lock down in an air-gapped or legacy environment. Knowing that Edge and WebView2 will stay patched allows enterprises to delay some migration projects while they validate Windows 11 compatibility with mission-critical applications. It also buys time to test Windows 365 Cloud PCs as a stopgap.

However, security leaders must weigh the residual risk. OS-level vulnerabilities remain, and without ESU, even a fully patched browser cannot protect against an attack that exploits, say, the Windows print spooler or the network stack. For regulated industries, relying on browser updates alone may not satisfy compliance requirements that demand a supported OS. Third-party software vendors may also begin dropping Windows 10 support even if Edge keeps running, fracturing the application ecosystem over time.

Strengths of Microsoft’s Decoupling Strategy

The decision to separate browser and runtime servicing from the OS lifecycle has several clear advantages:

  • Targeted risk reduction: It addresses the most frequently exploited attack surface — the browser — without pretending to solve everything.
  • Developer consistency: WebView2 developers can continue targeting a modern web platform inside Windows 10 apps, avoiding a forced upgrade for their own code.
  • Migration flexibility: Organizations stuck on Windows 10 due to Intune or group policy dependencies can keep web-facing workloads secured while they plan their next move.

Risks, Caveats, and What Still Isn’t Protected

No one should mistake browser patches for a complete security blanket. Consider these persistent threats:

  • OS-level exploits: Unpatched local privilege escalation bugs, kernel-mode vulnerabilities, and service-side flaws remain prime targets for attackers post-October 2025.
  • Driver and firmware rot: Old drivers stop being updated. New hardware likely won’t have Windows 10 drivers. Firmware attacks (e.g., UEFI bootkits) often rely on lower-level weaknesses that browser updates can’t fix.
  • Third-party browsers: While Google Chrome, Mozilla Firefox, and others will likely support Windows 10 for some time, their timelines aren’t Microsoft’s to dictate. Enterprises relying on multi-browser environments must verify each vendor’s commitment.
  • Office apps: Microsoft announced that Office apps will stop receiving new features on Windows 10 in August 2026, though security fixes will continue until 2028. This fragments the “fully supported” label further.
  • Compliance gaps: Regulations like HIPAA, PCI DSS, or NIST often mandate an OS that is within its vendor support window. A patched browser on an unsupported OS may not satisfy auditors.

A Pragmatic Migration Checklist

For users and administrators navigating this transition, a structured approach minimizes risk:

  1. Inventory devices: identify which machines must stay on Windows 10 for app compatibility or cost reasons, and which can be upgraded immediately.
  2. Evaluate ESU for critical endpoints: if a device stores sensitive data or sits on a production network, budget for ESU licenses to keep the OS patched through 2028.
  3. Lock down the Windows 10 version: ensure all clients run Windows 10, version 22H2, as Microsoft’s Edge/WebView2 commitment applies specifically to that release.
  4. Keep Edge and WebView2 on auto-update: configure policies to force automatic updates and monitor WebView2-dependent applications.
  5. Check third-party support: contact hardware and ISV vendors now to understand their Windows 10 deprecation timelines.
  6. Plan the migration: target Windows 11 (or Windows 365) deployments to complete before October 2028, prioritizing devices not covered by ESU or with legacy dependencies that will age out.
  7. For home users: if your hardware meets Windows 11 requirements, upgrade. If not, explore consumer ESU enrollment or a new PC purchase before October 2025.
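
For steps 3 and 4, a read-only PowerShell audit of a single host, added here as an example (it is not Microsoft tooling and not part of the original article). It assumes build 19045 identifies version 22H2, Edge's default per-machine install path, and the EdgeUpdate registry locations and service names noted in the comments; the property names of the output object are invented for this example.

```powershell
# Added example: read-only audit of one host for checklist steps 3 and 4.
$cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [int]$cv.CurrentBuildNumber

# Windows 11 still reports ProductName "Windows 10 ...", so test the build:
# 19045 is Windows 10, version 22H2; 22000 and above is Windows 11.
$is22H2 = ($build -eq 19045) -and ($cv.DisplayVersion -eq '22H2')

# Edge Stable version, read from the binary (assumes the default per-machine path).
$pf = if (${env:ProgramFiles(x86)}) { ${env:ProgramFiles(x86)} } else { $env:ProgramFiles }
$edgeExe = Join-Path $pf 'Microsoft\Edge\Application\msedge.exe'
$edgeVersion = if (Test-Path $edgeExe) { (Get-Item $edgeExe).VersionInfo.ProductVersion }

# WebView2 Evergreen Runtime version: the 'pv' value under its EdgeUpdate client key.
$wv2Key = 'Microsoft\EdgeUpdate\Clients\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}'
$wv2Version = foreach ($root in 'HKLM:\SOFTWARE\WOW6432Node', 'HKLM:\SOFTWARE', 'HKCU:\SOFTWARE') {
    $pv = (Get-ItemProperty (Join-Path $root $wv2Key) -ErrorAction SilentlyContinue).pv
    if ($pv -and $pv -ne '0.0.0.0') { $pv; break }
}

# EdgeUpdate policy: UpdateDefault or a per-app 'Update{GUID}' override set to
# 0 (updates disabled) or 2 (manual only) stops automatic updates.
$pol = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\EdgeUpdate' -ErrorAction SilentlyContinue
$blocking = @(if ($pol) {
    $pol.PSObject.Properties |
        Where-Object { $_.Name -match '^Update(Default$|\{)' -and $_.Value -in 0, 2 } |
        ForEach-Object { '{0}={1}' -f $_.Name, $_.Value }
})

# The updater runs as these two services; 'Disabled' means no background updates.
$svcDisabled = @(Get-Service edgeupdate, edgeupdatem -ErrorAction SilentlyContinue |
    Where-Object StartType -eq 'Disabled' | ForEach-Object Name)

[pscustomobject]@{
    Computer         = $env:COMPUTERNAME
    OSBuild          = '{0}.{1}' -f $build, $cv.UBR
    Is22H2           = $is22H2
    EdgeVersion      = $edgeVersion
    WebView2Version  = $wv2Version
    BlockingPolicies = $blocking -join '; '
    DisabledServices = $svcDisabled -join ', '
    UpdatePathOpen   = $is22H2 -and -not $blocking -and -not $svcDisabled
}
```

An empty EdgeVersion or WebView2Version means the component was not found at the locations checked, which is worth following up on any machine that hosts WebView2-dependent applications.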

The Bigger Picture: Other Browsers and Office

Microsoft’s move puts a spotlight on the broader ecosystem. Google Chrome and Mozilla Firefox have historically maintained support on older Windows versions for years after Microsoft’s own lifecycle ended, and early indicators suggest they will continue on Windows 10 into 2026 and beyond. However, each vendor sets its own policy, and enterprises should not assume indefinite coverage.

Office, meanwhile, follows a split path. The desktop apps will stop getting new features on Windows 10 in August 2026, but Microsoft will deliver security fixes for Office until October 2028. Users on Windows 10 will get a frozen feature set after mid-2026, which could become a productivity gap compared to Windows 11 machines running the latest Office features.

Editorial Analysis: A Shrewd but Incomplete Fix

Microsoft’s decision to untether Edge from the Windows lifecycle is classic pragmatism. It acknowledges the stubborn reality that hundreds of millions of devices will stay on Windows 10 far past the official EOL. By securing the browser for free, the company reduces the likelihood that a headline-grabbing worm will sweep through unpatched Windows 10 boxes, which would damage the brand and sap confidence in the entire ecosystem.

Yet this move also serves Microsoft’s own interests. Windows 11 adoption has accelerated, recently surpassing Windows 10 in market share, but the shift is still far from complete. By keeping Edge modern, Microsoft maintains a foot in the door for Bing, Office web apps, and its advertising ecosystem on older machines while gently nudging users toward hardware that can run Windows 11.

The phrase “at least October 2028” is a careful hedge. It parallels the ESU timeline precisely, which suggests that if ESU is extended again, Edge support would likely follow. Conversely, if ESU ends, so may Edge updates. Organizations should treat 2028 as a hard deadline for any device that must remain fully supported, and plan to have migrated or retired those machines by then.

Frequently Asked Questions

Will Edge receive updates on all Windows 10 versions?
No. The policy specifically names Windows 10, version 22H2. Earlier LTSC branches or older feature updates are not covered.

Is ESU required for Edge updates?
No. Microsoft explicitly states ESU is not necessary for receiving Edge or WebView2 updates on 22H2.

Does this make Windows 10 safe until 2028?
Partially. The browser will stay patched, but the OS itself will not receive security patches without ESU. Kernel-level exploits and driver vulnerabilities remain a concern.

What about Google Chrome and Firefox?
Both are expected to support Windows 10 well beyond 2025, but users should verify each vendor’s roadmap. Chrome has historically supported older Windows versions for years past Microsoft’s support.

Will my hardware still work?
Most current hardware will continue to function, but new peripherals may lack Windows 10 drivers. Over time, driver availability will dwindle.

Conclusion: A Welcome Reprieve, Not a Permanent Solution

Microsoft’s promise to update Edge and WebView2 on Windows 10 22H2 through October 2028 is a significant concession that removes one of the most dangerous risks of staying on an unsupported OS. It buys time for migration, keeps web-facing tasks secure, and eases the burden on IT teams managing complex application estates. However, it is not a substitute for a fully supported operating system. The clock is still ticking on the rest of Windows 10, and the security, compliance, and hardware realities will force a reckoning well before 2028. The smart play is to treat the extended browser support as a safety net, not a permanent home, and to accelerate planning for a world built on Windows 11 — or whatever comes next.