Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2021.0120
Microsoft Security Update Release for Microsoft Edge (Chromium-based)
14 June 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Microsoft Edge (Chromium-based)
Operating System: Windows
Impact/Access: Reduced Security -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2021-30553 CVE-2021-30552 CVE-2021-30551
CVE-2021-30550 CVE-2021-30549 CVE-2021-30548
CVE-2021-30547 CVE-2021-30546 CVE-2021-30545
CVE-2021-30544
OVERVIEW
The following Chrome CVEs have been released on June 11, 2021.
These CVE were assigned by Chrome. Microsoft Edge (Chromium-based)
ingests Chromium, which addresses these vulnerabilities.
Please see Google Chrome Releases for more information. [1]
Edge version: 91.0.864.48
Chromium version: 91.0.4472.101 [2]
IMPACT
The following vulnerabilities have been addressed:
* CVE-2021-30544
* CVE-2021-30545
* CVE-2021-30546
* CVE-2021-30547
* CVE-2021-30548
* CVE-2021-30549
* CVE-2021-30550
* CVE-2021-30551
* CVE-2021-30552
* CVE-2021-30553
See Security Update Guide Supports CVEs Assigned by Industry Partners [3]
for more information about third-party CVEs in the Security Update Guide.
MITIGATION
It is advised to update Edge to the latest release.
REFERENCES
[1] Google Chrome Releases
https://chromereleases.googleblog.com/2021
[2] Security Update Guide
https://msrc.microsoft.com/update-guide/en-us
[3] Security Update Guide Supports CVEs Assigned by Industry Partners
https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYMbihONLKJtyKPYoAQjyrQ/+LnZyjFQgETEN1LiFRAsAW3w5P1MhyBOM
FHkKBsJD+pi02YhQ8UfqtwGr/td+BafCSUrrNEftlyBiXHEzqTsmlwIuPHRACQl7
YbSps1bAELdxn00smIN+jraVwswMN6VKBooJp+Td+2auaDn6+WJZfjcuEKP1lbHf
dMlDAOzDFwCwBtIqSd6TJo/AO+J6BHnuXpC8/rwT5FwbG8/XhVADVBkdChjpcMxo
Tkn5Np1mSb3Or9/MsLoehLu97/yvwPwq8NOovv2wZYnCTb5Wqhe6prUH5BE3qk5B
4M+lgVvrgsu6wti99qdC5mVMZevFJVdkDRA5GLXtAylXaSYMVajkolnNLy92aSgf
n73ijIueDuxIf4WNdq6Grr6hyY/R+Fkrq/Vk9QFUlXnRxnee+SREws6Nalq0BHyX
xDA0MYaHScqducXAr+3puKR68JDu34z7ZOmf3+xstPCnpK8I3e2Gk5VZ7K1rSQCQ
hhZMuqJHByRZCqI3YAxkubAvyXBskL1grKlzz/NCum7SdlTV71TzCfRijrNA/P/R
Y85v9W6Pjjo9tNc9TpavL8xhCgQTxZoJQBYID8/qGDgsaCAvSPQmjTdmC3FBlLtX
rI1eiorqv7KufLdnZejFVFassWbFWWzrrwUdQcy2osXDnMyaqRiezoyZy7iWEY67
lYGEL2yajGQ=
=0qRW
-----END PGP SIGNATURE-----