On 7th December 2023, Microsoft released the latest Edge version 120.0.2210.61. This version is the stable channel release version for desktops. It resolves security issues reported in the Chromium project. It also resolved Microsoft-specific threats in the Edge browser.
Salient points
- Microsoft released the latest version of Edge browser 120.0.2210.61 on 7 December 2023 for the stable channel.
- The latest Edge Version 120.0.2210.61 supersedes Edge Version 119.0.2151.97. Edge version 119.0.2151.97 was released on 27 November 2023. It fixed the CVE-2023-6345 security vulnerability.
- Edge version 120.0.2210.61 resolves three Edge-specific security vulnerabilities.
- Edge version 120.0.2210.61 also resolves 10 security vulnerabilities that affect the Chromium project. 5 of these threats were disclosed by external security researchers. We have listed these 5 vulnerabilities below.
- Edge version 120.0.2210.61 corresponds to the Chrome stable release version for Windows version 120.0.6099.62/.63. Chrome was updated to 120.0.6099.62/.63 on 5 December 2023.
- The latest stable version 120.0.2210.61 also incorporates 2 feature updates and 5 policy updates. These updates have been shared in the relevant sections below.
Vulnerabilities
Edge security updates resolve Chromium-specific and Edge-specific vulnerabilities. The latest Edge version 120.0.2210.61 takes care of 10 Chromium vulnerabilities and 3 Edge-specific threats. These threats are discussed below.
Chromium vulnerabilities
10 security vulnerabilities have been addressed in the latest Chromium version. 5 of these threats were reported by external researchers. The details of these threats are given below.
CVE details | Bug id | Severity | Impact |
---|---|---|---|
CVE-2023-6508 | 1497984 | High | Use after free in Media Stream |
CVE-2023-6509 | 1494565 | High | Use after free in Side Panel Search |
CVE-2023-6510 | 1480152 | Medium | Use after free in Media Capture |
CVE-2023-6511 | 1478613 | Low | Inappropriate implementation in Autofill. |
CVE-2023-6512 | 1457702 | Low | Inappropriate implementation in Web Browser UI |
Edge-specific vulnerabilities
3 security vulnerabilities are specific to the Edge browser. These have been resolved in the latest Edge version 120.0.2210.61. The details of these threats are shared below.
CVE details | CVSS Score | Severity | Impact | Comments |
---|---|---|---|---|
CVE-2023-35618 | 9.6 | Moderate | Elevation of Privilege | This vulnerability could lead to a browser sandbox escape. |
CVE-2023-36880 | 4.8 | Low | Information Disclosure Vulnerability | Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment. |
CVE-2023-38174 | 4.3 | Low | Information Disclosure Vulnerability | The user would have to click on a specially crafted URL to be compromised by the attacker. Exploitation of this vulnerability only discloses limited information, no sensitive information can be obtained. |
Feature Updates
The latest version of Edge 120.0.2210.61 includes the following feature updates:
- RendererAppContainer. For extra security benefits, the Windows native app container is enabled by default. Note: If Enterprise organizations identify a compatibility issue due to code injection from security software, they should follow up with the software publisher directly. Alternatively, they can use the RendererAppContainerEnabled policy to trade off the security benefits in Microsoft Edge with their other software.
- Updated SmartActionsBlockList policy. The SmartActionsBlockList policy is updated with new policy option mappings. Administrators can now configure the policy to control Smart actions like definitions on websites (smart_actions_website) or control Smart actions in pdfs and on websites (smart_actions).
Policy Updates
The following new policies have been added in the Edge version 120.0.2210.61:
- AutoDiscardSleepingTabsEnabled – Configure auto discard sleeping tabs
- AutomaticProfileSwitchingSiteList – Configure the automatic profile switching site list
- Edge3PSerpTelemetryEnabled – Edge 3P SERP Telemetry Enabled
- PostQuantumKeyAgreementEnabled – Enable post-quantum key agreement for TLS
- WebAppSettings – Web App management settings
Install the latest version of Edge
The latest version of Microsoft Edge 120.0.2210.61 can be installed automatically. For this, you can close the browser and open it again. This should force Edge to pull the latest updated version.
Edge can be also updated manually. For this, you can download the offline installer file for Microsoft Edge from the Microsoft Update Catalog site.
The direct download links for Edge version 120.0.2210.61 are shared below:
- Download Edge 120.0.2210.61 for x86 Windows version – the size of the .cab file is 150.5 MB.
- Download Edge 120.0.2210.61 for ARM64 Windows version – the size of the .cab file is 161.3 MB.
- Download Edge 120.0.2210.61 for the x64 Windows version – the size of the .cab file is 168.7 MB.
How to check the current Microsoft Edge version?
You can check the Microsoft Edge version installed on your system by following the instructions below:
- In your Microsoft Edge browser, click on the 3 dots (…) on the very right-hand side of the window
- Click on Help and Feedback
- Click on About Microsoft Edge
- This should give you the Microsoft Edge version on the system
The current update is being rolled out to the eligible systems.
If you restart the Microsoft Edge browser, your browser should automatically pick the latest version 120.0.2210.61 from the Microsoft Servers.
December 2023 Cumulative or Security Updates
- KB5033371 for Windows 10 version 1809
- KB5033373 for Windows 10 version 1607
- KB5033379 for Windows 10
- KB5033372 for Windows 10 21H2 and 22H2
- KB5033375 Cumulative Update for Windows 11 22H2 and 23H2
- KB5033369 Cumulative Update for Windows 11 21H2
- KB5033420 Monthly Rollup Update for Windows Server 2012 R2
- KB5033429 Monthly Rollup Update for Windows Server 2012
- KB5033383 Cumulative Update for Windows Server 2022
- KB5033118 Cumulative Update for Windows Server 2022
- KB5033371 Cumulative Update for Windows Server 2019
- KB5033373 Cumulative Update for Windows Server 2016
- Microsoft Edge upgrades to version 120.0.2210.61
Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.