-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2022.0049
   Microsoft Security Update Release for Microsoft Edge (Chromium-based)
                              4 February 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          Microsoft Edge (Chromium-based)
Operating System: Windows
Resolution:       Patch/Upgrade
CVE Names:        CVE-2022-23263 CVE-2022-23262 CVE-2022-23261
                  CVE-2022-0470 CVE-2022-0469 CVE-2022-0468
                  CVE-2022-0467 CVE-2022-0466 CVE-2022-0465
                  CVE-2022-0464 CVE-2022-0463 CVE-2022-0462
                  CVE-2022-0461 CVE-2022-0460 CVE-2022-0459
                  CVE-2022-0458 CVE-2022-0457 CVE-2022-0456
                  CVE-2022-0455 CVE-2022-0454 CVE-2022-0453
                  CVE-2022-0452  
Reference:        ESB-2022.0462

Comment: CVSS (Max):  7.7* CVE-2022-23263 (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
         CVSS Source: Microsoft
         * Not all CVSS available when published

OVERVIEW

        The following Chrome CVEs have been released on February 1, 2022.
                        
        The following CVEs were assigned by Chrome.
        Microsoft Edge (Chromium-based) ingests Chromium, 
        which addresses these vulnerabilities. 
        Please see Google Chrome Releases for more information. [1]
        
        Microsoft has also reported a number of unique CVEs not included in the upstream product.
                                        
        Edge version: 98.0.1108.43
        Chromium version: 98.0.4758.80 [2]


IMPACT

        The following vulnerabilities have been addressed:
        
        * CVE-2022-0452 
        * CVE-2022-0453 
        * CVE-2022-0454 
        * CVE-2022-0455 
        * CVE-2022-0456 
        * CVE-2022-0457 
        * CVE-2022-0458 
        * CVE-2022-0459 
        * CVE-2022-0460 
        * CVE-2022-0461 
        * CVE-2022-0462 
        * CVE-2022-0463 
        * CVE-2022-0464 
        * CVE-2022-0465 
        * CVE-2022-0466 
        * CVE-2022-0467 
        * CVE-2022-0468 
        * CVE-2022-0469 
        * CVE-2022-0470
        * CVE-2022-23261
        * CVE-2022-23262
        * CVE-2022-23263
        
        See Security Update Guide Supports CVEs Assigned by Industry Partners.
        For more information about third-party CVEs in the Security Update Guide. [3]


MITIGATION

        It is advised to update Edge to the latest release.


REFERENCES

        [1] Google Chrome Releases
            https://chromereleases.googleblog.com/2022

        [2] Security Update Guide
            https://msrc.microsoft.com/update-guide

        [3] Security Update Guide Supports CVEs Assigned by Industry Partners
            https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYfyCGONLKJtyKPYoAQhkcQ//WnSyUAtg67nxVPFPP0RBG+BQvKLsBuAr
P3/uyB6IkGunKVIXwifACr61qdUMGyWhInWC8Kr2JF98DhDp0+svZXJ+hr9XZ7mZ
biebrRK8UPaVlz6t9dqM/esMB1a54m/VEI0ktsRxH+Reqr+ai3ZWkRm2LA/LAKDY
U3G81u+tYt6jMsoJgeNMQv79I1GporRdrdyrujFDoObjrigxzrTz+oJB+si05kBl
I7BWWP18Csog1ZQQgA0LkH+7wvSCY7g952KEzOL7EGrO/kct4DEvwR9CMrfFwFKo
bgTL/2SHCC9VsUeJPpkLpiTU3T0oF9KzZ5A8wCOft9eWutvO1n+y7UGZTU/rNZUM
NQOC+M7+S9piOExgoYhBFvNJO+pYxIX0WUMHsLXql2nB/xg65mxtpuP6fahXLqcf
lrqelyWAPPMP6St5WG4BlidPB9uI6x30HmLUvSoTb5Ae0jwUyjUwGh0qCU8y7srV
maUpw48JhN/spjAvyaC7V9ajmyPtfR03PaX3TW180Xu03lfF2VbUU5h2Xi7xEv/g
Z7GV28phHMYs3tDmZH+oY9QcLk07/x2KrMzJhPp7k5om4r4MOx3Ajz2800YW2cja
s6b311W+IrVAztUWCXkOGDsF6oPENZaiNvjtWN/QaYvOvERZYzgzvaTSy1wcWZmT
CwqNyQOr3r8=
=37YJ
-----END PGP SIGNATURE-----