This proof-of-concepts show different ways to bypass Windows mitigations in Edge (mainly CFG). A vulnerability is simulated (using a Windbg breakpoint) to gain a read-write anywhere primitive.
To reproduce, launch Edge on one of the html pages (no other instances). Use script\windbg_attach.ps1 to automatically attach Windbg to all Edge instances. Click on the various options and look at the logs or the crash.
More information in these posts: