-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2021.0252
   Microsoft Security Update Release for Microsoft Edge (Chromium-based)
                             15 December 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          Microsoft Edge (Chromium-based)
Operating System: Windows
Impact/Access:    Execute Arbitrary Code/Commands -- Remote with User Interaction
                  Reduced Security                -- Remote with User Interaction
Resolution:       Patch/Upgrade
CVE Names:        CVE-2021-4102 CVE-2021-4101 CVE-2021-4100
                  CVE-2021-4099 CVE-2021-4098 

Comment: Google is aware of reports that an exploit for CVE-2021-4102 exists in the wild.

OVERVIEW

        The following Chrome CVEs has been released on December 13, 2021.
                
        The following CVEs were assigned by Chrome.
        Microsoft Edge (Chromium-based) ingests Chromium, 
        which addresses these vulnerabilities. 
        Please see Google Chrome Releases for more information. [1]
                
        Edge version: 96.0.1054.57
        Chromium version: 96.0.4664.110 [2]


IMPACT

        The following vulnerabilities have been addressed:
                	
        * CVE-2021-4098 
        * CVE-2021-4099 
        * CVE-2021-4100 
        * CVE-2021-4101 
        * CVE-2021-4102
        
        See Security Update Guide Supports CVEs Assigned by Industry Partners 
        for more information about third-party CVEs in the Security Update Guide. [3]


MITIGATION

        It is advised to update Edge to the latest release.


REFERENCES

        [1] Google Chrome Releases
            https://chromereleases.googleblog.com/2021

        [2] Security Update Guide
            https://msrc.microsoft.com/update-guide

        [3] Security Update Guide Supports CVEs Assigned by Industry Partners
            https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYblAdeNLKJtyKPYoAQivVw//e9EPYC6yQ6zJ0qlZ3AAMGn63O3moueiU
zFTNstTcXG49mlGffuUxAvCo34nmbMbd0sapNehRIz/0je+Tnf+hh+SpXyEn4+Q9
+m01nJTdsuQyWHsAFHi9T0BPBLx2m5brai2AW/5NQI4rVG9k8BI1UuG2Qhwnj0VR
G3NBSfxvbvqrDRS1bznIW+sIQ5vUXTpYCqVH95DKD5jno89OCSibPy7Gp8O6tswk
2pAsnzy7oBkyFcDNNcw0Kg5qLfk4qWnI9Owxb+qr/rYfXG8o27nkIQkQuCd/AIi2
jokPZ6MpIsBKOZuFthGhzcV7+K9LNCUOLxaq/tow7FEgvjTk/+ul2SNXPKOQa3Wc
Te6zBz7yCx+O5zefFoTn13IGbU3vDqhhmTnVoGV81WURXjiq9fEXCJ0ZD1muq07s
vjXGx8R5TpouH9ZR0Awr6bDHR3IbOgvXY3SD0uFwQdz8trhb0KmZICGtWtruJBFO
eoTeef633I4eGF7YKytkjCEi0sUh1k6s2PT11jkUv4IYBS5bTxGg6RLugEdnu6bR
6i247ApPg6Mp2j1/eMfFPuOxwRIgng2kZknUNh80FcrYmBp77L8RYFxuPHzpSo80
ACBIIUNL+IpDIVzoTAThyI+gR2btx9prebYmNtJXCgJta8WG61aTHPML8KLfP+kN
Aox0tCW3iGw=
=Nne5
-----END PGP SIGNATURE-----