Microsoft Edge 115 fixes 14 security issues

Microsoft released new versions of Microsoft Edge Stable and Microsoft Edge Extended Stable to the release channel on July 21, 2023. The Microsoft Edge Stable update fixes 14 unique security issues in the browser, three of which are Edge-specific and the remaining 11 Chromium-specific.

Chromium makes the core of Microsoft Edge, which it shares with Google Chrome, Brave, Vivaldi, Opera and other web browsers.

Google released an update for its Chrome web browser just a day earlier that addressed a total of 20 different security issues.

The update is available already. Edge users may select Menu > Help > About Microsoft Edge to display the current version of the browser that is installed on the device. Microsoft Edge runs an automatic update check when the help page is opened and will download and install any update that it finds.

The browser should display the version 115.0.1901.183 (Microsoft Edge Stable) or 114.0.1823.90 (Microsoft Edge Extended Stable) after the latest update has been installed.

Microsoft reveals here that it addressed three Edge-specific vulnerabilities and eleven vulnerabilities affecting all Chromium-based web browsers.

One of the Edge-specific vulnerabilities affects the Android version of the browser only. The three vulnerabilities have severity ratings of moderate and low.

• Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability -- CVE-2023-38187
• Microsoft Edge for Android Spoofing Vulnerability -- CVE-2023-38173
• Microsoft Edge (Chromium-based) Spoofing Vulnerability -- CVE-2023-35392

The eleven Chromium-specific security issues are listed on the Microsoft Update Guide website.

Microsoft Edge 115 introduces a handful of new policies and just a single new feature. Microsoft Edge management service is a new area in the Microsoft 365 admin center that gives administrators management control over the browser.

Administrators may configure all Edge policies there according to Microsoft. A newly published support page provides additional details on the functionality. Availability is limited to Microsoft Edge 115 or newer on Windows 10, Windows 11 or Windows Server 2016 or newer.

Microsoft lists the following new policies that it added in Edge 115:

• ComposeInlineEnabled - Compose is enabled for writing on the web
• EdgeManagementEnabled - Microsoft Edge management enabled
• EdgeManagementEnrollmentToken - Microsoft Edge management enrollment token
• EdgeManagementExtensionsFeedbackEnabled - Microsoft Edge management extensions feedback enabled
• EnhanceSecurityModeIndicatorUIEnabled - Manage the indicator UI of the Enhanced Security Mode (ESM) feature in Microsoft Edge
• EnhanceSecurityModeOptOutUXEnabled - Manage opt-out user experience for Enhanced Security Mode (ESM) in Microsoft Edge
• SearchForImageEnabled - Search for image enabled
• WalletDonationEnabled - Wallet Donation Enabled

Administrators should upgrade the browser as soon as possible to protect the browser against potential attacks targeting the closed security vulnerabilities.

Now You: do you use Microsoft Edge?

Source