Geeks for your information
Microsoft Edge 103 fixes 12 security issues - Printable Version

+- Geeks for your information (https://www.geeks.fyi)
+-- Forum: News (https://www.geeks.fyi/forumdisplay.php?fid=105)
+--- Forum: Browsers News & Tips (https://www.geeks.fyi/forumdisplay.php?fid=109)
+--- Thread: Microsoft Edge 103 fixes 12 security issues (/showthread.php?tid=17517)



Microsoft Edge 103 fixes 12 security issues - harlan4096 - 24 June 22

Quote:Microsoft released new stable and extended versions of its Microsoft Edge web browser on June 23, 2022. Microsoft Edge fixes 12 different security issues, 10 of which are shared among all Chromium-based browsers.

[Image: microsoft-edge-103.png]

Microsoft Edge 103 is already available. It should be updated automatically on most systems. Edge users may check edge://settings/help to display the current version of the browser. Edge checks for updates when the page is opened and will download updates that it finds.

The Security Update Guide lists 12 distinct vulnerabilities that Microsoft patched in Edge 103. Ten of the vulnerabilities are shared across all Chromium-based browsers, the core that Edge shares with Chrome, Brave, Vivaldi or Opera.

Google released Chrome 103 on June 21, 2022. The company fixed 14 different security issues in Chrome 103, several of which are Chrome-specific. The ten Chromium-specific vulnerabilities include a critical issue and two issues rated as high.

The two Edge-specific security issues are filed under CVE-2022-33638 and CVE-2022-30192. Both are elevation of privilege attacks, and not exploited at the time of writing.
  • Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability -- CVE-2022-33638
  • Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability  -- CVE-2022-30192
Microsoft Edge 103: non-security changesMicrosoft Edge 103 includes a small number of non-security improvements and changes. The majority of the changes are designed for organizations.

Microsoft lists the following four feature updates in the release notes:
  • Rewritten Microsoft Defender SmartScreen library. Microsoft claims that it is offering "more reliable protection", but does not provide any details on that. Enterprise customers may delay the use until Edge 105 by using the NewSmartScreenLibraryEnabled policy.
  • Client Certificate Switcher to "clear the remembered certificate and resurface the certificate picker when visiting a site requiring HTTP certificate authentication" without quitting Edge.
  • Option to control automatic profile switching using the GuidedSwitchEnabled policy.
  • Work Search Banner in the Microsoft Edge address bar to narrow the search focus to "work-only results".
The following policies are new or updated:
  • GuidedSwitchEnabled - Controls automatic profile switching.
  • InternetExplorerZoomDisplay - Display zoom in IE Mode tabs with DPI Scale included like it is in Internet Explorer
  • LiveCaptionsAllowed - Live captions allowed. Determines whether Edge's new Live Captions feature is under user control.
  • OriginAgentClusterDefaultEnabled - Origin-keyed agent clustering enabled by default
The SleepingTabsTimeout policy supports a timeout of 30 seconds in Edge 103.

Closing Words

Edge users may want to install the update to Edge 103 as soon as possible to protect the browser against potential exploits targeting the security vulnerabilities.

Now You: do you use Microsoft Edge?
...
Continue Reading