Edge 121.0.2277.83 and Edge 120.0.2210.160 released

[German]Microsoft has released another security update for the Edge (Chromium) browser with version 121.0.2277.83 in the stable channel on January 25, 2024. It is a security update that is intended to close vulnerabilities, but also offers new functions as a new branch. Version 120.0.2210.160 was released in the Extended Stable Channel.

Edge 121.0.2277.83 with security fixes

The release notes contain the note "Fixed a browser crash in on-premise sync" and a reference to the security release notes. The security release notes discloses that the Microsoft developers have foxes the following vulnerabilities (some of which also affect the Chromium browser and specific Edge vulnerabilities).

• CVE-2024-21326
• CVE-2024-21388
• CVE-2024-21385
• CVE-2024-21383
• CVE-2024-21382
• CVE-2024-21387

I reported on the Chromium vulnerabilities in the article Google Chrome 121.0.6167.85/.86 with 17 security fixes; AI features planned.

New features

In the release notes Microsoft has also introduced new features for the Edge version 121 .

• Organization branding in Edge for Business: Entra's own organization branding assets can be set on the profile-related user interface for profiles logged in with an Entra ID account (formerly known as Azure Active Directory). Administrators can overlay their organization's details, such as the profile column name, name and brand color to the profile flyout and logo to the Edge for Business taskbar icon. This branding can help users to distinguish more easily between multiple profiles and browser windows. The default organization branding can be activated by administrators via policies (see).
• Microsoft Edge is migrating the update experience to Browser Essentials: Notifications about available Edge updates will be retrieved via Browser Essentials and no longer via the settings page to improve clarity and experience. Note: This feature is a controlled feature rollout. If you do not see this feature, please check back as we proceed with the rollout.
• Added support for AVIF and AV1 file formats: Microsoft Edge now supports AVIF and AV1 file formats, which provide better compression and higher quality images and videos. Users can enjoy faster loading times and better media quality on websites.
• E-Tree in the wallet: Users who are logged into Microsoft Edge with a personal Microsoft account (MSA) can grow a "virtual seed" into a tree via the wallet. As soon as the virtual tree has grown, a real tree is planted. Administrators can control availability with the policy EdgeWalletEtreeEnabled.
• New policies to protect against typosquatting on websites: Built-in website typosquatting protection alerts users when a popular domain name is mistyped and could land them on a malicious website. Administrators can control and configure the availability of website typo protection using the policies  PreventTyposquattingPromptOverride and TyposquattingAllowListDomains.

Furthermore, some policies have been introduced and policies have been classified as obsolete – details can be found here. Thanks to the reader for the hint.

Edge 120.0.2210.160 (Extended Stable Channel)

Edge 120.0.2210.160 has been released in the Extended Stable Channel. In the release notes, Microsoft only writes something about "Fixed various bugs and performance issues for Extended Stable." There do not appear to be any security fixes.