Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2022.0076 Microsoft Security Update Release for Microsoft Edge (Chromium-based) 4 April 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Microsoft Edge (Chromium-based) Operating System: Windows Resolution: Patch/Upgrade CVE Names: CVE-2022-26912 CVE-2022-26909 CVE-2022-26908 CVE-2022-26900 CVE-2022-26895 CVE-2022-26894 CVE-2022-26891 CVE-2022-24523 CVE-2022-24475 CVE-2022-1146 CVE-2022-1145 CVE-2022-1143 CVE-2022-1139 CVE-2022-1138 CVE-2022-1137 CVE-2022-1136 CVE-2022-1135 CVE-2022-1134 CVE-2022-1133 CVE-2022-1131 CVE-2022-1130 CVE-2022-1129 CVE-2022-1128 CVE-2022-1127 CVE-2022-1125 Comment: CVSS (Max): 8.3* CVE-2022-26912 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C) CVSS Source: Microsoft Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C * Not all CVSS available when published OVERVIEW The following Chrome CVEs have been released on March 29, 2022. The following CVEs were assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses these vulnerabilities. Please see Google Chrome Releases for more information. [1] Microsoft has also reported a unique CVE not included in the upstream product. Edge version: 100.0.1185.29 Chromium version: 100.0.4896.60 [2] IMPACT The following vulnerabilities have been addressed: * CVE-2022-24475 * CVE-2022-24523 * CVE-2022-26891 * CVE-2022-26894 * CVE-2022-26895 * CVE-2022-26900 * CVE-2022-26908 * CVE-2022-26909 * CVE-2022-26912 * CVE-2022-1125 * CVE-2022-1127 * CVE-2022-1128 * CVE-2022-1129 * CVE-2022-1130 * CVE-2022-1131 * CVE-2022-1133 * CVE-2022-1134 * CVE-2022-1135 * CVE-2022-1136 * CVE-2022-1137 * CVE-2022-1138 * CVE-2022-1139 * CVE-2022-1143 * CVE-2022-1145 * CVE-2022-1146 See Security Update Guide Supports CVEs Assigned by Industry Partners. For more information about third-party CVEs in the Security Update Guide. [3] MITIGATION It is advised to update Edge to the latest release. REFERENCES [1] Google Chrome Releases https://chromereleases.googleblog.com/2022 [2] Security Update Guide https://msrc.microsoft.com/update-guide [3] Security Update Guide Supports CVEs Assigned by Industry Partners https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYkqNweNLKJtyKPYoAQjT8Q//XekMYaBT6qqIKFr+DJM/6ytXkLqDJX2c kZYhOPw5mNXHNXHVvFl6+1Mxqt74jsfgzgUExgQrfb3+RdPjh2lS8WOIDMyr4xq8 dQMAf3LqJ2utlzYIuUZe99KDwTmEUvOuWB0zNQ3gY8EyMwmm35f1nLd1lIejLuoL gAhm0R+FMExAUF6qjDH2vxDzpYmm2YyrSjm4BPWcDo4e4Sp8yp4Pg2ZxLyMFPrji Vf5f5ER3OW/JJ8HfLkzAJFQeY7vgY/YZqH+QnTSfH5POhti6pXkB9XpvCiwp+s9O 6x6YVwc8Ao8P4hdd/o3w4ETctrZYYpkBozO+KeOoRZyykMYl3K+iq2fY20x1NmDv Mh0btC7PYaVHPElQH54nxDRdxBqXURQiXkXrHuN49HokPWRmcibvSRSN7UFvntdF 2M4E5tEd0H3k6f6Vx4lWQ9mD5PuLpMOyC5Yh2MgF8rBkBYslWjxdNp2v4G3Pf+ry Rtnz+KMh5kMT5Or8PmF5HSuT+QvDDgBv3PGQbscHvom3uNM3SCXy5K0oDsc+acGw xDpmVjzoC7gVZhO4Gkz0jLF6sChEX3nX3Df9jpf42XlV7NJUpK3A/zWx/goWzHvq m6sNOXgKNqBp6SBBljQsLi32FEumPcK7AkYk6bXPkuHWxoLzw5GeOrsSk+TlpYzH GT9qWOp5tVU= =LDcx -----END PGP SIGNATURE-----