Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2021.0112
Microsoft Security Update Releases
28 May 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Microsoft Edge (Chromium-based)
Operating System: Windows
Linux variants
Mac OS
Impact/Access: Increased Privileges -- Remote with User Interaction
Access Confidential Data -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2021-31982 CVE-2021-31937
OVERVIEW
The following Chrome CVEs have been released on May 27, 2021.
These CVE were assigned by Chrome. Microsoft Edge (Chromium-based)
ingests Chromium, which addresses these vulnerabilities.
Please see Google Chrome Releases for more information. [1]
Edge version: 91.0.864.37 [2]
IMPACT
The following vulnerability has been addressed:
* CVE-2021-30521
* CVE-2021-30522
* CVE-2021-30523
* CVE-2021-30524
* CVE-2021-30525
* CVE-2021-30526
* CVE-2021-30527
* CVE-2021-30528
* CVE-2021-30529
* CVE-2021-30530
* CVE-2021-30531
* CVE-2021-30532
* CVE-2021-30533
* CVE-2021-30534
* CVE-2021-30535
* CVE-2021-30536
* CVE-2021-30537
* CVE-2021-30538
* CVE-2021-30539
* CVE-2021-30540
See Security Update Guide Supports CVEs Assigned by Industry Partners [3]
for more information about third-party CVEs in the Security Update Guide.
MITIGATION
It is advised to update Edge to the latest release.
REFERENCES
[1] Google Chrome Releases
https://chromereleases.googleblog.com/2021
[2] Security Update Guide
https://msrc.microsoft.com/update-guide/en-us
[3] Security Update Guide Supports CVEs Assigned by Industry Partners
https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYLBVTuNLKJtyKPYoAQi/1xAAlX7uRZq4hRwYJwUJPsqagwzEMJENrlJO
us41zozfM8Rup3cwI2mJNB+1upgOBtF7Atw0dkF5B4y0DoFnMCYi1SKc7+rSb7JS
zfsFc9wYliu1md9Lqv1NWvWiaQskXl+Hy5mllidQ93mVQN2vK/yI7Dz7nZbS11QF
ZKw5cpuOpow+SF9VNJApMpMsKyMgVxe0AgqtlW7KQlAlnot3ixctaFdB5j9ovxb2
w2v3PmmsqKWH8GvA2jAbgdH+a6B2Nk7oBCcQTytwmLcNilJop7FchPt9Xjve77se
2AwaHfVwq+J32H3i1iFDiwExz+HRlg5pqX/xlKujYDV9aWOXSlXqg0FGzsHb3Hlc
mFXwgEpI70H2tTfeI0A7gozMby9I68cbcdEOrrJ5Y+y6B65aRppnJgQU7RX+z/Ak
iatpUnRlN6pxQyIHArPl2YV3HAiMsjUjYr9sH1k4KdqlVZoFc88zVQC/0TxeYYsR
FKpbodTNY1pY4PxYq7UZDEJmUG+NJwrdBqqhLwtPGPo/mpbT66VgLQ4LgqYL1e5a
JJ8fHOtGo56SZDgA0jR+Rvq37KS6STkfhLGd1n1j51/waQmBPwOuEgy2Upb7Vu6z
LYpSUUfnewzk+k3OxqfGxFjW69N8fIBVKSurAk/hyFq06O/qj3QbJ+K6PTH+1o2O
VE2tD56bgok=
=Mxwq
-----END PGP SIGNATURE-----