Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2021.0187 Microsoft Security Update Release for Microsoft Edge (Chromium-based) 27 September 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Microsoft Edge (Chromium-based) Operating System: Windows Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Access Confidential Data -- Remote with User Interaction Reduced Security -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2021-37973 CVE-2021-37972 CVE-2021-37971 CVE-2021-37970 CVE-2021-37969 CVE-2021-37968 CVE-2021-37967 CVE-2021-37966 CVE-2021-37965 CVE-2021-37964 CVE-2021-37963 CVE-2021-37962 CVE-2021-37961 CVE-2021-37960 CVE-2021-37959 CVE-2021-37958 CVE-2021-37957 CVE-2021-37956 Reference: ESB-2021.3174 OVERVIEW The following Chrome CVEs have been released on September 24, 2021. These CVEs were assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses these vulnerabilities. Please see Google Chrome Releases for more information. [1] Microsoft has also reported a number of unique CVEs not included in the upstream product. Edge version: 94.0.992.31 Chromium version: 94.0.4606.54 [2] IMPACT The following vulnerabilities have been addressed: * CVE-2021-37973 * CVE-2021-37972 * CVE-2021-37971 * CVE-2021-37970 * CVE-2021-37969 * CVE-2021-37968 * CVE-2021-37967 * CVE-2021-37966 * CVE-2021-37965 * CVE-2021-37964 * CVE-2021-37963 * CVE-2021-37962 * CVE-2021-37961 * CVE-2021-37960 * CVE-2021-37959 * CVE-2021-37958 * CVE-2021-37957 * CVE-2021-37956 See Security Update Guide Supports CVEs Assigned by Industry Partners for more information about third-party CVEs in the Security Update Guide. [3] MITIGATION It is advised to update Edge to the latest release. REFERENCES [1] Google Chrome Releases https://chromereleases.googleblog.com/2021 [2] Security Update Guide https://msrc.microsoft.com/update-guide [3] Security Update Guide Supports CVEs Assigned by Industry Partners https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/ AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYVEs4eNLKJtyKPYoAQjWSw//RWz5QIqy+YZDI2Mov8y1EfqeN1e6IBQ9 u11hEcIhLlqnABxBxl492H2BoVxnGVDXuEjDAemm187xw1nebylxqCTdpOwpOHHM VZoh/kAe8BYk6xKUmFw+NeeQWUNOQ0inJtr6MgM9eVRKx9PxWY7Y8fHS+SZgGUdD 8LFZLDTFFIioEAroF/4zL/9QuxdoyBQxb108SyOk6nQAKW6ZWOT9BGjWBfQwMPFM 1W3zHW9c3v3KrTuEtwtWQu2zOJcwRMilgq7rqva1v9tYlEV/vNcE/pQvBHFi6Oiv 319fJ9cYPTYyTvygG0FqFR+UE+6BHhATeKmg1FUssUaX5YvXYpbhzNbSSzWiJHKE mW1utyXQwK0Xld9ChzOVxwAeia4bMEZUtDR3vM20WsEySgXozxaIQc95lu6zGNMV ap+UCUkAMXddMpOhpshJf5B4NeacjW63X41tPZjJDhpo5PnqIROApN9vUAuB9aNz 45sAXz67qo0lSdWWw9JtDrQM/g4XM+xmpmdeBEm2T1ierTKkg402F0Hi3amS3Vu8 +VGXA8TAKcfyxPa0ljN6E6xrRCdIghzcJt6J7TRQQske3crgkAm2hnLuF5JAADDL wLqQl7uA2cmA7BIVXxEjpbXIxWlcRC3TW9YclpxF42Vp959WRxleVNZPeEDdeQVS nsYDzQU+PSw= =BMsR -----END PGP SIGNATURE-----