Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2020.0050
ADV200002 | Chromium Security Updates for Microsoft Edge (Chromium-Based)
26 February 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Microsoft Edge
Operating System: Windows
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Denial of Service -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2020-6418 CVE-2020-6407
Member content until: Friday, March 27 2020
Reference: ASB-2020.0049
OVERVIEW
Microsoft has updated its Edge browser to include security fixes
from the upstream Chromium project.
Edge version: 80.0.361.62
Chromium version: 80.0.3987.122
Date Released: 2/25/2020
This fixes 3 vulnerabilities. [1] [2]
IMPACT
The following vulnerabilities have been addressed:
CVE-2020-6407 CVE-2020-6418 [1]
MITIGATION
It is advised to update Edge to version 80.0.361.62 or later.
REFERENCES
[1] Chromium Security Updates for Microsoft Edge based on Chromium
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200002
[2] Google Chrome Releases
https://chromereleases.googleblog.com/2020/02/
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXlX2gWaOgq3Tt24GAQh9Rw//Q4W0IvBNlrtXAc1E178+Fbq+ruLoXh2O
/U3dxIxDVZXnhMAOz83s1ButMBFyW2abV4U86hq0fnPhhTufZruouB8QI3qS0FBC
FyBBeflLgItz8DnNGy4YyZVixfb2JWBe/EyUZ8g5/ILURbwo0oI3u54bjAFeKXkW
hGFjocFrY2wG4K3lSWMoF7QuoapPC64lbHL5BllKPF5VPy7rs++RU0nDuhYK0McG
K3fyC+NLDVQazFSNEocpye6BNvfQcztY1SuunWGdVEre5FsVvo7NEMqF3wmmr+dn
hbqoqio0KqzhL1BpJQtTYCretCumiPA8NHo4i8N25tQyFEDh8yvXVWlxnr9sL2pX
UTutErACI5GCh77Qd/FmrAcD600oYZv0nJ4vRYja4Xu9KISHMnhVj83zGoIvDWkk
QPaI/525C9z0LJtM+QrUIqfpHAL2IqaC0fk5EKGCcfhitRcAW37cCkVOeE/NrATG
/9ER0YzVzzJJwz6r0rLBTMfjL06oG6mfg7WH68HgVXmS7JeKkAU9sNatYryDYi6B
jUXxE4E3cL0gMotw+/bIipIkfgdVKg3sIZi020CtzHXLqjkMaWJ/N/m5lKhU4jb/
bpQe03yXyvZ5VN0z2EtWzqMeNy5Xuqrufs/e5k2USkWVHWQNBMvtPzavB8imPklC
lvIg4ryWsA8=
=cvGs
-----END PGP SIGNATURE-----