Microsoft Edge 109.0.1518.49 update available

Microsoft has fixed security vulnerabilities from the Chromium project in a new update of the Edge web browser. In addition to the security gaps that Google had just closed in the underlying Chromium project, other high-risk vulnerabilities have been fixed in the Microsoft browser.

In the release notes for the Edge web browser, Microsoft points out that the new stable version 109.0.1518.49 contains the latest security updates from Chromium and fixes two more vulnerabilities.

One vulnerability is an error that allows attackers from the network to insinuate malicious code onto potential victim computers, a so-called remote code execution. Microsoft does not give details in the according security notification, but proof-of-concept code is apparently available that demonstrates exploitation of the vulnerability (CVE-2023-21775, CVSS 8.3, risk high).

The second vulnerability allows malicious actors to escalate their privileges in the system, Microsoft explains in the associated security advisory (CVE-2023-21796, CVSS 8.3, high).

The manufacturer does not explain whether these vulnerabilities are already being actively used. According to the details, the proof-of-concept code for the remote code execution vulnerability does not appear to work under all conditions and still requires substantial modifications by a talented attacker, however, Microsoft writes.

Edge users can ensure the latest updates are downloaded and installed on the system by going to Windows Update. In addition, calling up the settings menu via the symbol with the three dots on the right of the address bar, down to Help and Feedback and finally to Info about Microsoft Edge also works. If necessary, this triggers the update check.

Due to the severity of the vulnerabilities, the update should be acquired quickly. In the Chromium-based web browser Chrome, Google patched 17 security gaps last week, including various high risk vulnerabilities. The Edge update fixes these as well.