Microsoft updated the Edge browser. With this update of the Edge web browser, Microsoft has not only sealed security vulnerabilities in the underlying Chromium project, but also corrected its own vulnerabilities. Browser users should ensure that they use the current version.

Last week, Google fixed twelve security holes in the Chrome browser. Edge is also based on the open source Chromium project. Version 122.0.2365.52 from February 23rd closes the vulnerabilities and three additional security gaps that Microsoft developers have added with their own extensions. One of these is considered high risk, while two represent medium risk.

Three additional vulnerabilities in Edge

The security vulnerabilities can be abused through specially prepared websites that potential victims would have to surf. The most serious is a vulnerability that allows attackers to break out of the browser sandbox and access information without authorization (CVE-2024-26192, CVSS 8.2, risk high). The other gaps can also leak information (CVE-2024-21423, CVSS 4.8, medium risk) or cover up and falsify content on websites, so-called spoofing (CVE-2024-26177, CVSS 4.3, medium risk).

The CVE entries for the vulnerabilities were published last Sunday. The update is not yet listed on the Microsoft Edge security update release notes webpage. Information about closed security gaps is also missing in the release notes for the stable browser version.

The developers there list that they had solved an issue with PDF text fields and values in drop-down fields that were rendered twice. Additionally, incorrect printouts occurred when printing PDF files in landscape orientation with the Fit to Printable Area option selected. The developers have also added or removed some browser guidelines.

Edge users should update to the new version. The version dialog shows the currently running version of the browser. It opens after clicking on the symbol with the three dots next to each other to the right of the address bar and then continue there via Help and Feedback – Information about Microsoft Edge.