Operating System:

[WIN][MAC]

Published:

10 February 2020

Protect yourself against future threats.

//Service

Malicious URL Feed

Add this Australian-based feed to your firewall blacklist and SIEM to prevent compromises to your network.

Read more
Resources > Security Bulletins > ASB-2020.0034 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2020.0034
         Chromium Security Updates for Microsoft Edge v80.0.361.48
                             10 February 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Microsoft Edge
Operating System:     Windows
                      Mac OS
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Denial of Service               -- Remote with User Interaction
                      Provide Misleading Information  -- Remote with User Interaction
                      Reduced Security                -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2020-6417 CVE-2020-6416 CVE-2020-6415
                      CVE-2020-6414 CVE-2020-6413 CVE-2020-6412
                      CVE-2020-6411 CVE-2020-6410 CVE-2020-6409
                      CVE-2020-6408 CVE-2020-6406 CVE-2020-6405
                      CVE-2020-6404 CVE-2020-6402 CVE-2020-6401
                      CVE-2020-6400 CVE-2020-6399 CVE-2020-6398
                      CVE-2020-6397 CVE-2020-6396 CVE-2020-6395
                      CVE-2020-6394 CVE-2020-6393 CVE-2020-6392
                      CVE-2020-6391 CVE-2020-6390 CVE-2020-6389
                      CVE-2020-6388 CVE-2020-6387 CVE-2020-6385
                      CVE-2020-6382 CVE-2020-6381 CVE-2019-19926
                      CVE-2019-19925 CVE-2019-19923 CVE-2019-19880
                      CVE-2019-18197  
Member content until: Wednesday, March 11 2020
Reference:            ESB-2019.3966
                      ESB-2019.3929

OVERVIEW

        Microsoft has updated its Edge browser to include security fixes
        from the upstream Chromium project.
        
        Edge version: 80.0.361.48
        Chromium version: 80.0.3987.87
        
        This fixes 37 vulnerabilities, with a highest severity of High.
        [1]


IMPACT

        The following vulnerabilities have been addressed:
        
        CVE-2020-6381 CVE-2020-6382 CVE-2019-18197 CVE-2019-19926 CVE-2020-6385
        CVE-2019-19880 CVE-2019-19925 CVE-2020-6387 CVE-2020-6388 CVE-2020-6389
        CVE-2020-6390 CVE-2020-6391 CVE-2020-6392 CVE-2020-6393 CVE-2020-6394
        CVE-2020-6395 CVE-2020-6396 CVE-2020-6397 CVE-2020-6398 CVE-2020-6399
        CVE-2020-6400 CVE-2020-6401 CVE-2020-6402 CVE-2020-6404 CVE-2020-6405
        CVE-2020-6406 CVE-2019-19923 CVE-2020-6408 CVE-2020-6409 CVE-2020-6410
        CVE-2020-6411 CVE-2020-6412 CVE-2020-6413 CVE-2020-6414 CVE-2020-6415
        CVE-2020-6416 CVE-2020-6417
        [1]


MITIGATION

        Microsoft advises updating Edge to version 80.0.361.48 or later. [1]


REFERENCES

        [1] Chromium Security Updates for Microsoft Edge based on Chromium
            https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200002

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXkC2j2aOgq3Tt24GAQiFdw//dscavneEthy9OBHSDCVDNQRd6FcPfaxN
V1xxb8C/wvGtM/032nTWz49DITbsS2MMCV0z50A6j88TxasrCwrBJRd9VipoQE4I
zfdjqmHVsKxAY3iDfDQ5xRXYu3Ijccre2TDOj6n2Avt51ztnMaCQq+k5MMX1wnW0
iNn/eQXdhtLEgKgGibGXBN2Tvn+Ee4dH0ky4WYmDUiEkvMa/6u8ZLcm0CgCSG9kI
5X/YNeC0C8AkiN7qE3ueDjc0Cbyh9wwFPEwiwtHlcv5AwqUxHyYkPMwiJu2P2AHB
6NGLBelazr9Z70VYQzcNhUuP67wmp8yeJZiXUfO/Td/68A/8eHt+ildfDlacellQ
d1AEnzAM+E/dw+KLR5wQSTbXWgad3h5+CBTDL8UEjkRmvE1LMhK2nPU/M849bqxU
bVx2VDer8963L3H3P6jg0y0MPH8ivCHySJlbql2xmta2UTGkQO/DJTu5N5U21udO
QKErUDmgCHVhvQUZ1RQDTs3ZCQ4tmhLHFhIeuJJHgChTfGVH9Ho3hvTD/5iqd+1b
oiLcN1cz8dysd/1KqYc+aEQFHbqJ2FJbUOVi9RM9eIpOCzH4VVdgDCdci5KnHoQL
4dyR7ZHdQiWwNiEXXSruwaFTNU9TTrXDp34cvPdxPfkbpNTBBfGrknJhZ/Lh1VKT
xg1MxPFqs9Y=
=7+ld
-----END PGP SIGNATURE-----