Security update Chromium Edge 83.0.478.37

Edge[German]Microsoft released a security update for the Chromium Edge browser on 21 May 2020. The update to version 83.0.478.37 fixes an Elevation of Privilege vulnerability that is considered moderate.


Advertising

According to ADV200002, Edge 83.0.478.37 closes subsequent vulnerabilities and is based on Chromium version 83.0.4103.61:

CVE-2020-6465, CVE-2020-6466, CVE-2020-6467,
CVE-2020-6468, CVE-2020-6469, CVE-2020-6470,
CVE-2020-6471, CVE-2020-6472, CVE-2020-6473,
CVE-2020-6474, CVE-2020-6475, CVE-2020-6476,
CVE-2020-6478, CVE-2020-6479, CVE-2020-6480,
CVE-2020-6481, CVE-2020-6482, CVE-2020-6483,
CVE-2020-6484, CVE-2020-6486, CVE-2020-6487,
CVE-2020-6488, CVE-2020-6489, CVE-2020-6490

The new Chromium Edge can be downloaded from this website as a web installer and here as a Buisness-Full-Install. 

Bodgan Popa published this article about the Chromium Edge 83 on Softpedia. There you can also find a changelog..

Vulnerability CVE-2020-1195 in Edge

There is also an Elevation of Privilege vulnerability in the Edge Browser (CVE-2020-1195). Microsoft informed me yesterday via Security Advisory about this vulnerability. The vulnerability in Microsoft Edge (chrome-based) exists because the feedback extension validates input improperly. An attacker who successfully exploited this vulnerability could write files to arbitrary locations and gain elevated privileges.

However, the vulnerability does not allow the execution of arbitrary code. However, this vulnerability could be exploited in conjunction with one or more vulnerabilities (e.g., a remote code execution vulnerability and another Privilege Escalation vulnerability) to exploit the elevated privileges during execution.


Advertising

A security update to version 83.0.478.37 fixes the vulnerability by changing the validation of files through the Microsoft Edge (Chromium-based) feedback extension.


Advertising


This entry was posted in browser, Security, Software, Update and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *