Chrome and Edge updates to address exploits

The Chromium project is affected by CVE-2022-2856 vulnerability. Since this threat has an existing wild-exploit, Chrome and Edge browsers have received fresh security updates to address this security vulnerability. Chrome’s security update was released on 16th August and Microsoft released Edge’s security update on 18th August 2022 to mitigate CVE-2022-2856. The details of both browsers’ latest security updates are shared below.

Chrome Security Update – August 16 2022

Chrome integrated a new security update to address the wild exploit that exists for CVE-2022-2856.

  • The latest Stable Channel release for Windows Desktops will push the Chrome build to 104.0.5112.102/101. This contains a fix for CVE-2022-2856.
  • The latest Stable Channel release for Mac and Linux is 104.0.5112.101. This contains the fix for CVE-2022-2856.

Besides the CVE-2022-2856 vulnerability, the latest Stable Channel Updates for Chrome browser resolved a few other security threats:

  • High CVE-2022-2854: Use after free in SwiftShader.
  • High CVE-2022-2855: Use after free in ANGLE.
  • High CVE-2022-2857: Use after free in Blink.
  • High CVE-2022-2858: Use after free in Sign-In Flow.
  • High CVE-2022-2853: Heap buffer overflow in Downloads.
  • High CVE-2022-2856: Insufficient validation of untrusted input in Intents.
  • Medium CVE-2022-2859: Use after free in Chrome OS Shell.
  • Medium CVE-2022-2860: Insufficient policy enforcement in Cookies.
  • Medium CVE-2022-2861: Inappropriate implementation in Extensions API.

The latest Chrome security update has already been pushed out and your systems may have already received it.

Chrome’s latest update for Android and iOS devices will be made available through the Google Play Store and Apple app store.

Security Update for Edge browser – 19th August 2022

Microsoft has released the latest security update for Edge browser on 18th August 2022. Some important points about this security update are given below for your ready reference.

  • Microsoft released a security update on 17th August. This update was specifically targeted at resolving CVE-2022-2856 security vulnerability on the Chromium engine.
  • Subsequent to the 17th August update, another updated was rolled out on 19th August, 2022. The latest update was designed to resolve other vulnerabilities on the Chromium browser engine.

We share the details of all vulnerabilities that have been patched as part of the two security updates released by Microsoft last week.

Microsoft Edge Stable Channel Version 104.0.1293.60 resolved the following vulnerability:

  • High CVE-2022-2856: Insufficient validation of untrusted input in Intents.

Microsoft Edge Stable Channel Version 104.0.1293.63 resolves the following vulnerabilities:

  • High CVE-2022-2854: Use after free in SwiftShader.
  • High CVE-2022-2855: Use after free in ANGLE.
  • High CVE-2022-2857: Use after free in Blink.
  • High CVE-2022-2858: Use after free in Sign-In Flow.
  • High CVE-2022-2853: Heap buffer overflow in Downloads.
  • Medium CVE-2022-2859: Use after free in Chrome OS Shell.
  • Medium CVE-2022-2860: Insufficient policy enforcement in Cookies.
  • Medium CVE-2022-2861: Inappropriate implementation in Extensions API.

Microsoft Edge Stable Channel Version 104.0.1293.63 supersedes Microsoft Edge Stable Channel Version 104.0.1293.60. Therefore, it contains all the security changes that are part of the 104.0.1293.60 version.

How can I update Chrome browser on desktops?

To update Google Chrome on a desktop computer:

  1. On your computer, open Chrome.
  2. At the top right, click More More.
  3. Click Help and then About Google Chrome.
  4. Click Update Google Chrome.
    • Important: If you can’t find this button, you’re on the latest version.
  5. Click Relaunch.

To verify the current version of Chrome on your computer, you may follow the steps below:

  1. On your computer, open Chrome.
  2. At the top right, look at More More.
  3. If an update is pending, the icon will be colored:
    • Green: An update was released less than 2 days ago.
    • Orange: An update was released about 4 days ago.
    • Red: An update was released at least a week ago.

Generally speaking, if you close Chrome browser and relaunch it, the browser engine will pull the latest update, if available.

How can I update Microsoft Edge to the latest version?

You can download the latest version of Microsoft Edge from the following links:

This will download the latest version of Microsoft Edge on your desktop computer.

To update Microsoft Edge browser on your computer, please follow the steps below:

  • Launch Edge browser.
  • Choose Settings and more
  • Click on Help and feedback
  • Open About Microsoft Edge (you can also open this by direct command in the address bar – (edge://settings/help)
  • If the About page shows An update is available. Select Download and install to proceed. Relaunch the browser to complete the update.
  • If the About page shows Microsoft Edge is up to date then no further action is needed.

Like Chrome, whenever you close the Edge browser and relaunch it, the Chromium engine will pull the latest updates and build version from the Microsoft website.

Microsoft Edge’s latest security update for Android and iOS devices will be made available through the Google Play Store and Apple app store.

Summary

The latest build for Microsoft Edge is 104.0.1293.63 and the latest stable channel release for Chrome browser is 104.0.5112.102/101. These updates resolve the CVE-2022-2856 vulnerability that is known to have an exploit.