-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2021.0176
   Microsoft Security Update Release for Microsoft Edge (Chromium-based)
                             3 September 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          Microsoft Edge (Chromium-based)
Operating System: Windows
Impact/Access:    Execute Arbitrary Code/Commands -- Remote with User Interaction
                  Denial of Service               -- Remote with User Interaction
                  Provide Misleading Information  -- Remote with User Interaction
                  Access Confidential Data        -- Remote with User Interaction
                  Reduced Security                -- Remote with User Interaction
Resolution:       Patch/Upgrade
CVE Names:        CVE-2021-38642 CVE-2021-38641 CVE-2021-36930
                  CVE-2021-30624 CVE-2021-30623 CVE-2021-30622
                  CVE-2021-30621 CVE-2021-30620 CVE-2021-30619
                  CVE-2021-30618 CVE-2021-30617 CVE-2021-30616
                  CVE-2021-30615 CVE-2021-30614 CVE-2021-30613
                  CVE-2021-30612 CVE-2021-30611 CVE-2021-30610
                  CVE-2021-30609 CVE-2021-30608 CVE-2021-30607
                  CVE-2021-30606 CVE-2021-26439 CVE-2021-26436
Reference:        ESB-2021.2960

OVERVIEW

        The following Chrome CVEs were released on August 31, 2021.
                
        These CVEs were assigned by Chrome. 
        Microsoft Edge (Chromium-based) ingests Chromium, 
        which addresses these vulnerabilities. 
        Please see Google Chrome Releases for more information. [1]
        
        Microsoft has also reported a number of unique CVEs not included in the upstream product.        
        
        Edge version: 93.0.961.38
        Chromium version: 93.0.4577.63 [2]


IMPACT

        The following vulnerabilities have been addressed:
        
        * CVE-2021-26436
        * CVE-2021-26439
        * CVE-2021-36930
        * CVE-2021-38641
        * CVE-2021-38642
        * CVE-2021-30606  
        * CVE-2021-30607  
        * CVE-2021-30608  
        * CVE-2021-30609  
        * CVE-2021-30610  
        * CVE-2021-30611  
        * CVE-2021-30612  
        * CVE-2021-30613  
        * CVE-2021-30614  
        * CVE-2021-30615  
        * CVE-2021-30616  
        * CVE-2021-30617  
        * CVE-2021-30618  
        * CVE-2021-30619  
        * CVE-2021-30620  
        * CVE-2021-30621  
        * CVE-2021-30622  
        * CVE-2021-30623  
        * CVE-2021-30624
        
        See Security Update Guide Supports CVEs Assigned by Industry Partners
        for more information about third-party CVEs in the Security Update Guide. [3]


MITIGATION

        It is advised to update Edge to the latest release.


REFERENCES

        [1] Google Chrome Releases
            https://chromereleases.googleblog.com/2021

        [2] Security Update Guide
            https://msrc.microsoft.com/update-guide

        [3] Security Update Guide Supports CVEs Assigned by Industry Partners
            https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----