Operating System:

[WIN]

Published:

04 April 2022

Protect yourself against future threats.

//Service

Sensitive Information Alert

Alert notification provided via email for sensitive material found online by our analyst team which specifically targets your organisation.

Read more
Resources > Security Bulletins > ASB-2022.0076 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2022.0076
   Microsoft Security Update Release for Microsoft Edge (Chromium-based)
                               4 April 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          Microsoft Edge (Chromium-based)
Operating System: Windows
Resolution:       Patch/Upgrade
CVE Names:        CVE-2022-26912 CVE-2022-26909 CVE-2022-26908
                  CVE-2022-26900 CVE-2022-26895 CVE-2022-26894
                  CVE-2022-26891 CVE-2022-24523 CVE-2022-24475
                  CVE-2022-1146 CVE-2022-1145 CVE-2022-1143
                  CVE-2022-1139 CVE-2022-1138 CVE-2022-1137
                  CVE-2022-1136 CVE-2022-1135 CVE-2022-1134
                  CVE-2022-1133 CVE-2022-1131 CVE-2022-1130
                  CVE-2022-1129 CVE-2022-1128 CVE-2022-1127
                  CVE-2022-1125  

Comment: CVSS (Max):  8.3* CVE-2022-26912 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)
         CVSS Source: Microsoft
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
         * Not all CVSS available when published

OVERVIEW

        The following Chrome CVEs have been released on March 29, 2022.
                                                        
                The following CVEs were assigned by Chrome.
                Microsoft Edge (Chromium-based) ingests Chromium, 
                which addresses these vulnerabilities. 
                Please see Google Chrome Releases for more information. [1]
                
                Microsoft has also reported a unique CVE not included in the upstream product.
                                                                              
                        Edge version: 100.0.1185.29
                        Chromium version: 100.0.4896.60 [2]


IMPACT

         The following vulnerabilities have been addressed:
                
                * CVE-2022-24475 
        	* CVE-2022-24523 
        	* CVE-2022-26891 
        	* CVE-2022-26894 
        	* CVE-2022-26895 
        	* CVE-2022-26900 
        	* CVE-2022-26908 
        	* CVE-2022-26909 
        	* CVE-2022-26912
        	* CVE-2022-1125 
        	* CVE-2022-1127 
        	* CVE-2022-1128 
        	* CVE-2022-1129 
        	* CVE-2022-1130 
        	* CVE-2022-1131 
        	* CVE-2022-1133 
        	* CVE-2022-1134 
        	* CVE-2022-1135 
        	* CVE-2022-1136 
        	* CVE-2022-1137 
        	* CVE-2022-1138 
        	* CVE-2022-1139 
        	* CVE-2022-1143 
        	* CVE-2022-1145 
        	* CVE-2022-1146
        	
                
                See Security Update Guide Supports CVEs Assigned by Industry Partners.
                For more information about third-party CVEs in the Security Update Guide. [3]


MITIGATION

         It is advised to update Edge to the latest release.


REFERENCES

        [1] Google Chrome Releases
             https://chromereleases.googleblog.com/2022

        [2] Security Update Guide
            https://msrc.microsoft.com/update-guide

        [3] Security Update Guide Supports CVEs Assigned by Industry Partners
            https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYkqNweNLKJtyKPYoAQjT8Q//XekMYaBT6qqIKFr+DJM/6ytXkLqDJX2c
kZYhOPw5mNXHNXHVvFl6+1Mxqt74jsfgzgUExgQrfb3+RdPjh2lS8WOIDMyr4xq8
dQMAf3LqJ2utlzYIuUZe99KDwTmEUvOuWB0zNQ3gY8EyMwmm35f1nLd1lIejLuoL
gAhm0R+FMExAUF6qjDH2vxDzpYmm2YyrSjm4BPWcDo4e4Sp8yp4Pg2ZxLyMFPrji
Vf5f5ER3OW/JJ8HfLkzAJFQeY7vgY/YZqH+QnTSfH5POhti6pXkB9XpvCiwp+s9O
6x6YVwc8Ao8P4hdd/o3w4ETctrZYYpkBozO+KeOoRZyykMYl3K+iq2fY20x1NmDv
Mh0btC7PYaVHPElQH54nxDRdxBqXURQiXkXrHuN49HokPWRmcibvSRSN7UFvntdF
2M4E5tEd0H3k6f6Vx4lWQ9mD5PuLpMOyC5Yh2MgF8rBkBYslWjxdNp2v4G3Pf+ry
Rtnz+KMh5kMT5Or8PmF5HSuT+QvDDgBv3PGQbscHvom3uNM3SCXy5K0oDsc+acGw
xDpmVjzoC7gVZhO4Gkz0jLF6sChEX3nX3Df9jpf42XlV7NJUpK3A/zWx/goWzHvq
m6sNOXgKNqBp6SBBljQsLi32FEumPcK7AkYk6bXPkuHWxoLzw5GeOrsSk+TlpYzH
GT9qWOp5tVU=
=LDcx
-----END PGP SIGNATURE-----