This Same Origin Policy exploit looks pretty bad, and the guy disclosing it doesn't seem to be one for following responsible disclosure protocol, so this one is in the wild with proof-of-concept examples on the guy's site.

http://www.securityweek.com/sop-bypass-microsoft-edge-leads-credential-theft [securityweek.com]

SOP Bypass in Microsoft Edge Leads to Credential Theft

A bug in Microsoft Edge could allow for bypassing the Same Origin Policy (SOP) and for stealing user passwords in plain text, stealing cookies, spoofing content, and other vulnerabilities, independent security researcher Manuel Caballero says.