New Security update for Microsoft Edge – Version 93.0.961.38

Microsoft released a new software update for the Edge browser. If your browser is enabled for automatic updates, Edge should update automatically to the latest version. If your organization has disabled automatic updates for Edge, please do spare a minute to update your Edge browser to the version 93.0.961.38.

This security update comes two weeks after the previous security update, that was released on 19th August. The latest security update addresses five vulnerabilities with varying impacts. The following details of the vulnerabilities have been shared by Microsoft for the Edge security update Version 93.0.961.38.

What vulnerabilities does the latest Microsoft Edge security update resolve?

---

The Edge security update (Version 93.0.961.38) resolves five different vulnerabilities. All these vulnerabilities have an associated and trackable CVE number, with well defined impacts and scope.

• CVE-2021-36930 has a CVSS score of 6.1 and it is considered as an ‘Elevation of Privilege vulnerability’. No affected applications have been recorded as yet and no Metasploit modules that target this vulnerability have been identified. As per Microsoft’s assessment, this vulnerability is less likely to be exploited. The severity of this vulnerability is ‘Important’. Chromium based Edge browser has been patched against this vulnerability in the latest security release.
• CVE-2021-26436 has a CVSS score of 6.1 and this one is also considered as an ‘Elevation of Privilege vulnerability’. However, no application with this vulnerability has been found as yet. The vulnerability is less likely to be exploited. This vulnerability carries an ‘Important’ severity. It has been resolved in the latest security release of the Edge browser.
• CVE-2021-38641 – This vulnerability has been classified as an ‘Important’ severity security vulnerability. It has a CVSS severity rating of 6.1 and falls under ‘Important’ level. It falls in the category of spoofing. This vulnerability on Microsoft Edge was found by security experts Tirtha Mandal, Vansh Devgan and Shivam Kumar Singh. No exploits have been detected as yet. Microsoft considers that this vulnerability is less likely to be exploited. However, the security vulnerability has been patched in the Edge’s latest release.
• CVE-2021-38641 – This vulnerability is less likely to be exploited. However, it carries a CVSS rating of 6.1 and a severity level of ‘Important’. No exploits have been recorded as yet. The edge browser has been patched against this spoofing category vulnerability. The vulnerability was found by Vansh Devgan and Shivam Kumar Singh.
• CVE-2021-26439 – This is a vulnerability that affects Microsoft Edge on Android devices. It has a severity level of ‘Moderate’ and a CVSS rating of 4.6. No exploits have been detected. The vulnerability’s impact is considered to be of the type ‘Information disclosure’.

Aside from these five vulnerabilities that have ‘Important’ or ‘Moderate’ impacts, multiple low impact vulnerabilities have been recorded and address through the Microsoft Edge browser update with Version 93.0.961.38.

The low impact vulnerabilities that are resolved through the latest security update on the Edge fall between the CVE number CVE-2021-30606-CVE-2021-30624. So, there are 19 low impact vulnerabilities that have been taken care of with the Edge update to Version 93.0.961.38.

How can I update Edge browser to the latest version?

---

You can update Edge browser through the About Edge section. Alternatively, please type the following address in your Edge browser’s address bar and it will open the update window. Update should be completed automatically.

edge://settings/help

After successful update of the Edge browser, you should see the following status:

Summary

---

Please set the Edge browser to be on automatic updates and ensure it is updated to Version 93.0.961.38. If you are set up on manual update mode, please download the update files and update the Edge browser to Version 93.0.961.38.