Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2022.0047 Microsoft Security Update Release for Microsoft Edge (Chromium-based) 24 January 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Microsoft Edge (Chromium-based) Operating System: Windows Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote with User Interaction Access Confidential Data -- Remote with User Interaction Reduced Security -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2022-0310 CVE-2022-0309 CVE-2022-0308 CVE-2022-0307 CVE-2022-0306 CVE-2022-0305 CVE-2022-0304 CVE-2022-0303 CVE-2022-0302 CVE-2022-0301 CVE-2022-0300 CVE-2022-0298 CVE-2022-0297 CVE-2022-0296 CVE-2022-0295 CVE-2022-0294 CVE-2022-0293 CVE-2022-0292 CVE-2022-0291 CVE-2022-0290 CVE-2022-0289 Reference: ESB-2022.0252 OVERVIEW The following Chrome CVEs have been released on January 20, 2022. The following CVEs were assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses these vulnerabilities. Please see Google Chrome Releases for more information. [1] Edge version: 97.0.1072.69 Chromium version: 97.0.4692.99 [2] IMPACT The following vulnerabilities have been addressed: * CVE-2022-0289 * CVE-2022-0290 * CVE-2022-0291 * CVE-2022-0292 * CVE-2022-0293 * CVE-2022-0294 * CVE-2022-0295 * CVE-2022-0296 * CVE-2022-0297 * CVE-2022-0298 * CVE-2022-0300 * CVE-2022-0301 * CVE-2022-0302 * CVE-2022-0303 * CVE-2022-0304 * CVE-2022-0305 * CVE-2022-0306 * CVE-2022-0307 * CVE-2022-0308 * CVE-2022-0309 * CVE-2022-0310 See Security Update Guide Supports CVEs Assigned by Industry Partners for more information about third-party CVEs in the Security Update Guide. [3] MITIGATION It is advised to update Edge to the latest release. REFERENCES [1] Google Chrome Releases https://chromereleases.googleblog.com/2022 [2] Security Update Guide https://msrc.microsoft.com/update-guide [3] Security Update Guide Supports CVEs Assigned by Industry Partners https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/ AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYe4vaONLKJtyKPYoAQjKeg//Wuqg+B1Lbm2ZlUt/Yf/bds+l/nNxgA0m RBWKoYakJZwYkO5yhXe5j3nwNHSK5EXwNwahAwJMVrEuMQyG7DoL2EUVuwKjSvUk Wn5fXyvEUP2Pslp23IKLIPJ8vULVnV3QvX1ojzEdf5kxd5CjjJojQpSp8X5tW8sb s9/fXh5sP/6JHn3BCPcoRO8u9P2cLKRCQ85UzcCP9HVAr4qdR9w8bOPgj3GypxJ6 ajOzHavizpL6CwRlhEWUjxhFmpEf2bYfLHu8D2bEw8bwezK9+AcZcvvJvFSkDoWc N9Wy7D2+oRroNsjNDdJrhNarLoea5OvlI/1OPMvGeSuSGnVuJu3zxD8oZeUXmwGv kA2C8JkNAFJCn5jzsZtl24nF5evvLC1ju/xJu6PIAEDC+9TRi8c5UKVjA3ZOd6ab BgbNVqezT9wnCV0mLi2lWYJ5+C2xKwKZgNsQ0WSaKL7RyGsxPqWmbYdIo+gkfFJi iqJZ72YSg18xw1vCkqOP8qWqfiOTzimbKHtEKr+PpVeks3T0mmsqpF+WmMTf4QRl bSARcFN8zFQEEYxjw4xCV7nwSVMpgXkwxbY10deuX4f4yuYxxUQ6EeqKnfiNe9iv I+6S1NDQhDzC43LWCGe4Fg+WeYShFsn+KI+bpkDfj5XkTY4e5B700TgvNxqEhbaN lOmuEcSdMu0= =YcU2 -----END PGP SIGNATURE-----