Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2021.0176 Microsoft Security Update Release for Microsoft Edge (Chromium-based) 3 September 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Microsoft Edge (Chromium-based) Operating System: Windows Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote with User Interaction Provide Misleading Information -- Remote with User Interaction Access Confidential Data -- Remote with User Interaction Reduced Security -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2021-38642 CVE-2021-38641 CVE-2021-36930 CVE-2021-30624 CVE-2021-30623 CVE-2021-30622 CVE-2021-30621 CVE-2021-30620 CVE-2021-30619 CVE-2021-30618 CVE-2021-30617 CVE-2021-30616 CVE-2021-30615 CVE-2021-30614 CVE-2021-30613 CVE-2021-30612 CVE-2021-30611 CVE-2021-30610 CVE-2021-30609 CVE-2021-30608 CVE-2021-30607 CVE-2021-30606 CVE-2021-26439 CVE-2021-26436 Reference: ESB-2021.2960 OVERVIEW The following Chrome CVEs have been released on August 31, 2021. These CVEs were assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses these vulnerabilities. Please see Google Chrome Releases for more information. [1] Microsoft has also reported a number of unique CVEs not included in the upstream product. Edge version: 93.0.961.38 Chromium version: 93.0.4577.63 [2] IMPACT The following vulnerabilities have been addressed: * CVE-2021-26436 * CVE-2021-26439 * CVE-2021-36930 * CVE-2021-38641 * CVE-2021-38642 * CVE-2021-30606 * CVE-2021-30607 * CVE-2021-30608 * CVE-2021-30609 * CVE-2021-30610 * CVE-2021-30611 * CVE-2021-30612 * CVE-2021-30613 * CVE-2021-30614 * CVE-2021-30615 * CVE-2021-30616 * CVE-2021-30617 * CVE-2021-30618 * CVE-2021-30619 * CVE-2021-30620 * CVE-2021-30621 * CVE-2021-30622 * CVE-2021-30623 * CVE-2021-30624 See Security Update Guide Supports CVEs Assigned by Industry Partners for more information about third-party CVEs in the Security Update Guide. [3] MITIGATION It is advised to update Edge to the latest release. REFERENCES [1] Google Chrome Releases https://chromereleases.googleblog.com/2021 [2] Security Update Guide https://msrc.microsoft.com/update-guide [3] Security Update Guide Supports CVEs Assigned by Industry Partners https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/ AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYTGm2uNLKJtyKPYoAQhd8A/9FxQO+tSMPz9rGZ4FGMfB9HwMmRLHTnr5 TRG78fhdPnL3M1LbjHSF0E0EnK8sekNnEYwhHzvpxJA9xowJTQ9cs9/vDPhqKyQs QSjzkPOdnMr5UBzpUKGldMa2ZQh7UR+PTXhoyk6XQsThUH3LPm1O80QkDbgHWU9R N948B2SnwvwWp02l9FHeGban2TbNFTZN7N95uLHbs5X3NAexR557fWRYLL1t66uS 6KbnrmUpXWHgHPPezb0yJ/OAcMkTuIGSpxLmQaN9rMHJdVIZlI+jyl8fZ1VjdOvt C4aaH+ADkrrRfwMYF64Maps1jOOHSBHehd9pas3VjQ/AbgugV9w47f9ZiqMd1H8l CUZEFwcZExyXSWIYEyQwvQaTbWqS+jOF4iym7eFvR+Ivdiaop4CVeW+a+dWPYLyn b7GBsykLVv1r632wMR6NZXf7ijVofJkS+6uecE74JZ/bK7g2+dJymr9TfBO4pymx /ZAxDDodbNV5R5FS2yAVdk9MIj1SLpYENHOc28/k1AYiwVDov95Br5nFd8RNxX+e s1JQNio4Hwy2yJHDNMdhFnpMlfUHbWCBepi1EmtLFxy0cja56blKJuKStczz5inU PQAuXSSqvPdva0zpVSDRdZC05n29T5hTxn8mjJa6TMeCO04YN+p6kmOsac1GnbSg vXQKaFConV0= =l4Mr -----END PGP SIGNATURE-----