Would UWAs be vulnerable? This seems like a good reason to abandon Win32 APIs anyway. If each process can be sandboxed from an executable's perspective, it should reduce the risk. If UWP/UWA apps are the majority, then there would be fewer Win32 installs to exploit.
I think this could be a multi-pronged solution. Why not attack both sides? Edge and Chrome should correct their behaviors but Windows should also patch things up with DLL loading to reduce the risk. Maybe a signed manifest could verify the assemblies an app is loading and only authorize execution if it passed a UAC prompt explaining why it is blocked.
As a developer, I appreciate that you can use other DLLs too, but this feels like it should be the exception more than the rule.