[German]Microsoft released a security update for the Chromium Edge browser on 21 May 2020. The update to version 83.0.478.37 fixes an Elevation of Privilege vulnerability that is considered moderate.
Advertising
According to ADV200002, Edge 83.0.478.37 closes subsequent vulnerabilities and is based on Chromium version 83.0.4103.61:
CVE-2020-6465, CVE-2020-6466, CVE-2020-6467,
CVE-2020-6468, CVE-2020-6469, CVE-2020-6470,
CVE-2020-6471, CVE-2020-6472, CVE-2020-6473,
CVE-2020-6474, CVE-2020-6475, CVE-2020-6476,
CVE-2020-6478, CVE-2020-6479, CVE-2020-6480,
CVE-2020-6481, CVE-2020-6482, CVE-2020-6483,
CVE-2020-6484, CVE-2020-6486, CVE-2020-6487,
CVE-2020-6488, CVE-2020-6489, CVE-2020-6490
The new Chromium Edge can be downloaded from this website as a web installer and here as a Buisness-Full-Install.
Bodgan Popa published this article about the Chromium Edge 83 on Softpedia. There you can also find a changelog..
Vulnerability CVE-2020-1195 in Edge
There is also an Elevation of Privilege vulnerability in the Edge Browser (CVE-2020-1195). Microsoft informed me yesterday via Security Advisory about this vulnerability. The vulnerability in Microsoft Edge (chrome-based) exists because the feedback extension validates input improperly. An attacker who successfully exploited this vulnerability could write files to arbitrary locations and gain elevated privileges.
However, the vulnerability does not allow the execution of arbitrary code. However, this vulnerability could be exploited in conjunction with one or more vulnerabilities (e.g., a remote code execution vulnerability and another Privilege Escalation vulnerability) to exploit the elevated privileges during execution.
Advertising
A security update to version 83.0.478.37 fixes the vulnerability by changing the validation of files through the Microsoft Edge (Chromium-based) feedback extension.
Advertising
