Operating System:

[WIN]

Published:

23 July 2021

Protect yourself against future threats.

//Service

Incident Management

Whether it is proactive or reactive services you're after, we will help you detect, interpret and respond to attacks from across the globe.

Read more
Resources > Security Bulletins > ASB-2021.0164 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2021.0164
   Microsoft Security Update Release for Microsoft Edge (Chromium-based)
                               23 July 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          Microsoft Edge (Chromium-based)
Operating System: Windows
Impact/Access:    Execute Arbitrary Code/Commands -- Remote with User Interaction
                  Increased Privileges            -- Existing Account            
                  Denial of Service               -- Remote with User Interaction
                  Access Confidential Data        -- Remote with User Interaction
                  Reduced Security                -- Remote with User Interaction
Resolution:       Patch/Upgrade
CVE Names:        CVE-2021-36931 CVE-2021-36929 CVE-2021-36928
                  CVE-2021-30589 CVE-2021-30588 CVE-2021-30587
                  CVE-2021-30586 CVE-2021-30585 CVE-2021-30584
                  CVE-2021-30583 CVE-2021-30582 CVE-2021-30581
                  CVE-2021-30580 CVE-2021-30579 CVE-2021-30578
                  CVE-2021-30577 CVE-2021-30576 CVE-2021-30575
                  CVE-2021-30574 CVE-2021-30573 CVE-2021-30572
                  CVE-2021-30571 CVE-2021-30569 CVE-2021-30568
                  CVE-2021-30567 CVE-2021-30566 CVE-2021-30565
Reference:        ESB-2021.2463

OVERVIEW

        The following Chrome CVEs have been released on July 22, 2021.
        
        These CVEs were assigned by Chrome. Microsoft Edge 
        (Chromium-based) ingests Chromium, which addresses these 
        vulnerabilities. Please see Google Chrome Releases for more 
        information. [1]
        
        Edge version: 92.0.902.55
        Chromium version: 92.0.4515.107 [2]


IMPACT

        The following vulnerabilities have been addressed: 
        * CVE-2021-36928
        * CVE-2021-36929
        * CVE-2021-36931
        * CVE-2021-30565
        * CVE-2021-30566
        * CVE-2021-30567
        * CVE-2021-30568
        * CVE-2021-30569
        * CVE-2021-30571
        * CVE-2021-30572
        * CVE-2021-30573
        * CVE-2021-30574
        * CVE-2021-30575
        * CVE-2021-30576
        * CVE-2021-30577
        * CVE-2021-30578
        * CVE-2021-30579
        * CVE-2021-30580
        * CVE-2021-30581
        * CVE-2021-30582
        * CVE-2021-30583
        * CVE-2021-30584
        * CVE-2021-30585
        * CVE-2021-30586
        * CVE-2021-30587
        * CVE-2021-30588
        * CVE-2021-30589
        
        See Security Update Guide Supports CVEs Assigned by Industry 
        Partners [3] for more information about third-party CVEs in the 
        Security Update Guide.


MITIGATION

        It is advised to update Edge to the latest release.


REFERENCES

        [1] Google Chrome Releases
            https://chromereleases.googleblog.com/2021

        [2] Security Update Guide
            https://msrc.microsoft.com/update-guide/en-us

        [3] Security Update Guide Supports CVEs Assigned by Industry Partners
            https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYPo1ZuNLKJtyKPYoAQgXvQ//S3SvcvD4retBZxkun4Hc+UgsGkaA7KcC
LbFWVpS2aNS/ULhZu2oxSYTRdam7rdqSFNmKFCUiotp4YWXfn9pw6AYr9TYqX3D1
SMxKaZdLkjnMQRT/Pt2f3M+WoXLSzwpghJ/e2tjt5SNo5SsMPUt7JXUFtkiDOWpz
XVpMWwcmXGChoj2NDEUpesbhyU/EUfdEEQcOsWafuvZVPqvDRGo1OU4AmZOvjy/H
LN7wlJFJ1YmvyOR9Weon4tBVmO88dZ6f7n3vGK90cUX0plHPAKf8/lfvxVuyjVRI
j90g9Gc1qNI8L+8jl9lQzJBKJDmECi85zOki7e1IXF60XElw5TMQm2isrlp5Jmp6
dAHS2bHWVnSqDAl+j/8Lvk8uQofBUoo2tmxITLblaClGNo+eSjSoi1y2hgM4OwFo
JPaNynzpVvahsjaecFD4Xk6mxsBdhg6ggkACWz0IBGWBlmoT9mN5da8YmOQP1CG1
eTc902yGIy2ZbByyb8nFmQSHzR3snAosH4rj1+K6itDiozlggqL+akHmztWx1ioj
tgN/rJrA0iIs+feRX9h4zd4OwV8Pyc1ZR7hNWqdzs9BolcaXRJOJz9WLhpUD4Btp
UuPsa3luCtBU0lat9QogkM6mOshlcXZ20lvgK0WOjd1+yVDHmAS6QMwhLdaXnzwn
k78HDmyRvY4=
=V/D7
-----END PGP SIGNATURE-----