Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2021.0252 Microsoft Security Update Release for Microsoft Edge (Chromium-based) 15 December 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Microsoft Edge (Chromium-based) Operating System: Windows Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Reduced Security -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2021-4102 CVE-2021-4101 CVE-2021-4100 CVE-2021-4099 CVE-2021-4098 Comment: Google is aware of reports that an exploit for CVE-2021-4102 exists in the wild. OVERVIEW The following Chrome CVEs has been released on December 13, 2021. The following CVEs were assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses these vulnerabilities. Please see Google Chrome Releases for more information. [1] Edge version: 96.0.1054.57 Chromium version: 96.0.4664.110 [2] IMPACT The following vulnerabilities have been addressed: * CVE-2021-4098 * CVE-2021-4099 * CVE-2021-4100 * CVE-2021-4101 * CVE-2021-4102 See Security Update Guide Supports CVEs Assigned by Industry Partners for more information about third-party CVEs in the Security Update Guide. [3] MITIGATION It is advised to update Edge to the latest release. REFERENCES [1] Google Chrome Releases https://chromereleases.googleblog.com/2021 [2] Security Update Guide https://msrc.microsoft.com/update-guide [3] Security Update Guide Supports CVEs Assigned by Industry Partners https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/ AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYblAdeNLKJtyKPYoAQivVw//e9EPYC6yQ6zJ0qlZ3AAMGn63O3moueiU zFTNstTcXG49mlGffuUxAvCo34nmbMbd0sapNehRIz/0je+Tnf+hh+SpXyEn4+Q9 +m01nJTdsuQyWHsAFHi9T0BPBLx2m5brai2AW/5NQI4rVG9k8BI1UuG2Qhwnj0VR G3NBSfxvbvqrDRS1bznIW+sIQ5vUXTpYCqVH95DKD5jno89OCSibPy7Gp8O6tswk 2pAsnzy7oBkyFcDNNcw0Kg5qLfk4qWnI9Owxb+qr/rYfXG8o27nkIQkQuCd/AIi2 jokPZ6MpIsBKOZuFthGhzcV7+K9LNCUOLxaq/tow7FEgvjTk/+ul2SNXPKOQa3Wc Te6zBz7yCx+O5zefFoTn13IGbU3vDqhhmTnVoGV81WURXjiq9fEXCJ0ZD1muq07s vjXGx8R5TpouH9ZR0Awr6bDHR3IbOgvXY3SD0uFwQdz8trhb0KmZICGtWtruJBFO eoTeef633I4eGF7YKytkjCEi0sUh1k6s2PT11jkUv4IYBS5bTxGg6RLugEdnu6bR 6i247ApPg6Mp2j1/eMfFPuOxwRIgng2kZknUNh80FcrYmBp77L8RYFxuPHzpSo80 ACBIIUNL+IpDIVzoTAThyI+gR2btx9prebYmNtJXCgJta8WG61aTHPML8KLfP+kN Aox0tCW3iGw= =Nne5 -----END PGP SIGNATURE-----