Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2020.0214
ADV200002 | Chromium Security Updates for Microsoft Edge (Chromium-Based)
24 November 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Microsoft Edge (based on Chromium)
Operating System: Windows
UNIX variants (UNIX, Linux, OSX)
Impact/Access: Denial of Service -- Remote with User Interaction
Access Confidential Data -- Remote with User Interaction
Unauthorised Access -- Remote with User Interaction
Reduced Security -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2020-16036 CVE-2020-16034 CVE-2020-16033
CVE-2020-16032 CVE-2020-16031 CVE-2020-16030
CVE-2020-16029 CVE-2020-16028 CVE-2020-16027
CVE-2020-16026 CVE-2020-16025 CVE-2020-16024
CVE-2020-16023 CVE-2020-16022 CVE-2020-16018
CVE-2020-16015 CVE-2020-16014 CVE-2020-16012
CVE-2019-8075
Member content until: Thursday, December 24 2020
Reference: ESB-2020.4145
ESB-2020.4144
ESB-2020.4142
ESB-2020.4090
OVERVIEW
Microsoft has updated its Edge browser to include security fixes
from the upstream Chromium project.
Edge version: 87.0.664.41
Chromium version: 87.0.4280.66 for Windows and Linux
87.0.4280.67 for Mac
Date Released: 11/19/2020
[1]
IMPACT
The following vulnerabilities have been addressed:
CVE-2019-8075
CVE-2020-16012
CVE-2020-16014
CVE-2020-16015
CVE-2020-16018
CVE-2020-16022
CVE-2020-16023
CVE-2020-16024
CVE-2020-16025
CVE-2020-16026
CVE-2020-16027
CVE-2020-16028
CVE-2020-16029
CVE-2020-16030
CVE-2020-16031
CVE-2020-16032
CVE-2020-16033
CVE-2020-16034
CVE-2020-16036
[1]
MITIGATION
It is advised to update Edge to the latest release.
REFERENCES
[1] ADV200002 | Chromium Security Updates for Microsoft Edge
(Chromium-Based)
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200002
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBX7xcS+NLKJtyKPYoAQi3tw//eSvVcTa7lpTpCiEXtwFR6vIfQGPktdfQ
Gqzq1+BiCNZ3o4fAaehd92FqXLnAkpEdZnDXMhOsnHd21rZdSXJOfKyMTY3NH/YG
kgicPZDAEhOGnLjta5zPHSyX+ZxAKTTATmdl8V7XdxTtHyanJoRUVKPPDCrmP9fB
wDUB7virGKMygHouFFDN9Kn0bA7x+WtgCcSvBtEAbtMmSMkMgdpz1PII67moT23m
3oVXWLD7xyPc6O7s0Pmxq/E7jHZLlbTtc/ij8wYt5nzK/41jWWoq3Ysa4y5qWDtG
indBdQM4Sy7K4Jd6ULRSFIBFW3+Ca9Xg1//Yd+s8u7sTi/ukkUxyXAjPoSMF/Y7m
eIUyaYIJ/TDM3fOLyMtHHXsdIOuSJlQF3ixxyD91SK2cS/vlwgdd4d7/TazVA7Y6
HNbhzy+p3sCOkslgARLL13fSJlpuno+P/kS5ksMjbLhPeyxAXCuDV3Ze8EIs59v6
4BNZ9ZtPGE7DiJrQ4IE750oHFgqKVeItKiyLHa/8SJOYZCd2uuR9b1UaGZub2uNm
xEnaAjzu6P/Uv1uu/hNtGmKiuJ7mpNtXazQ4ZCGEn4B+kdwRqB5DpgZ/2xSaAYH7
9t18oLFvAE3JAbicTotmENGMH9sIWzAUytdEn+1O2/bbiLI+2fvnqcM3fPGG3USa
WXOuW0qDyts=
=73x7
-----END PGP SIGNATURE-----