Microsoft Edge 103.0.1264.71 (July 22, 2022) with fix for vulnerability used in the wild

Posted on 2022-07-23 by guenni

EdgeMicrosoft has updated the Edge browser in the stable channel to version 103.0.1264.71 as of July 22, 2022. It is a maintenance update that also includes a fix for the  vulnerability CVE-2022-2294. Thanks to the user for pointing this out.

Advertising

The release notes don't give any more details about the update, except that CVE-2022-2294  is fixed. This is a rated critical vulnerability (buffer overflow in WebRTC) that has already been closed in Chrome. Google is aware that the vulnerability is being exploited in the wild. Bleeping Computer colleagues reported here that the vulnerability was exploited to infect and exploit journalists in the Middle East with the Candiru spyware. The primary source is this AVAST post.

The browser should update automatically, but can also be downloaded from the Edge site. Whether the download bug (see Microsoft Edge 103.0.1264.44 download bug: .crdownload files remains) has been fixed is open.

Advertising
This entry was posted in browser, Security, Software, Update and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).