Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2020.0214 ADV200002 | Chromium Security Updates for Microsoft Edge (Chromium-Based) 24 November 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Microsoft Edge (based on Chromium) Operating System: Windows UNIX variants (UNIX, Linux, OSX) Impact/Access: Denial of Service -- Remote with User Interaction Access Confidential Data -- Remote with User Interaction Unauthorised Access -- Remote with User Interaction Reduced Security -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2020-16036 CVE-2020-16034 CVE-2020-16033 CVE-2020-16032 CVE-2020-16031 CVE-2020-16030 CVE-2020-16029 CVE-2020-16028 CVE-2020-16027 CVE-2020-16026 CVE-2020-16025 CVE-2020-16024 CVE-2020-16023 CVE-2020-16022 CVE-2020-16018 CVE-2020-16015 CVE-2020-16014 CVE-2020-16012 CVE-2019-8075 Member content until: Thursday, December 24 2020 Reference: ESB-2020.4145 ESB-2020.4144 ESB-2020.4142 ESB-2020.4090 OVERVIEW Microsoft has updated its Edge browser to include security fixes from the upstream Chromium project. Edge version: 87.0.664.41 Chromium version: 87.0.4280.66 for Windows and Linux 87.0.4280.67 for Mac Date Released: 11/19/2020 [1] IMPACT The following vulnerabilities have been addressed: CVE-2019-8075 CVE-2020-16012 CVE-2020-16014 CVE-2020-16015 CVE-2020-16018 CVE-2020-16022 CVE-2020-16023 CVE-2020-16024 CVE-2020-16025 CVE-2020-16026 CVE-2020-16027 CVE-2020-16028 CVE-2020-16029 CVE-2020-16030 CVE-2020-16031 CVE-2020-16032 CVE-2020-16033 CVE-2020-16034 CVE-2020-16036 [1] MITIGATION It is advised to update Edge to the latest release. REFERENCES [1] ADV200002 | Chromium Security Updates for Microsoft Edge (Chromium-Based) https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200002 AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBX7xcS+NLKJtyKPYoAQi3tw//eSvVcTa7lpTpCiEXtwFR6vIfQGPktdfQ Gqzq1+BiCNZ3o4fAaehd92FqXLnAkpEdZnDXMhOsnHd21rZdSXJOfKyMTY3NH/YG kgicPZDAEhOGnLjta5zPHSyX+ZxAKTTATmdl8V7XdxTtHyanJoRUVKPPDCrmP9fB wDUB7virGKMygHouFFDN9Kn0bA7x+WtgCcSvBtEAbtMmSMkMgdpz1PII67moT23m 3oVXWLD7xyPc6O7s0Pmxq/E7jHZLlbTtc/ij8wYt5nzK/41jWWoq3Ysa4y5qWDtG indBdQM4Sy7K4Jd6ULRSFIBFW3+Ca9Xg1//Yd+s8u7sTi/ukkUxyXAjPoSMF/Y7m eIUyaYIJ/TDM3fOLyMtHHXsdIOuSJlQF3ixxyD91SK2cS/vlwgdd4d7/TazVA7Y6 HNbhzy+p3sCOkslgARLL13fSJlpuno+P/kS5ksMjbLhPeyxAXCuDV3Ze8EIs59v6 4BNZ9ZtPGE7DiJrQ4IE750oHFgqKVeItKiyLHa/8SJOYZCd2uuR9b1UaGZub2uNm xEnaAjzu6P/Uv1uu/hNtGmKiuJ7mpNtXazQ4ZCGEn4B+kdwRqB5DpgZ/2xSaAYH7 9t18oLFvAE3JAbicTotmENGMH9sIWzAUytdEn+1O2/bbiLI+2fvnqcM3fPGG3USa WXOuW0qDyts= =73x7 -----END PGP SIGNATURE-----