QID 375446

Date Published: 2021-04-14

QID 375446: Microsoft Edge Based On Chromium Prior to 89.0.774.77 Multiple Vulnerabilities

Microsoft Edge based on Chromium is affected by the following vulnerabilities:

CVE-2021-21206: Use after free in Blink.
CVE-2021-21220: Insufficient validation of untrusted input in V8 for x86_64.

Affected Version:
Microsoft Edge based on Chromium prior to version 89.0.774.77

QID Detection Logic: (authenticated)
Operating System: Windows
The install path is checked via registry "HKLM\SOFTWARE\Clients\StartMenuInternet\Microsoft Edge\shell\open\command". The version is checked via file msedge.exe.
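
The Windows check described above can be reproduced locally on a single host. The following PowerShell is an added example, not the scanner's own detection code; it assumes the key's default value holds the msedge.exe command line, and the function names are illustrative.

```powershell
# Added example: local check mirroring the QID's Windows detection logic.
$FixedVersion = [version]'89.0.774.77'   # first non-affected build per this QID
$CommandKey   = 'HKLM:\SOFTWARE\Clients\StartMenuInternet\Microsoft Edge\shell\open\command'

function Get-EdgePathFromCommand {
    param([string]$Command)
    # Assumption: the value is a command line, normally a quoted path to msedge.exe.
    if ($Command -match '^\s*"([^"]+)"')    { return $Matches[1] }
    if ($Command -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return $null
}

function Get-FileVersion {
    param([string]$Path)
    # Build the version from the numeric parts so stray text in the string form cannot break parsing.
    $vi = (Get-Item -LiteralPath $Path).VersionInfo
    return [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
}

$key = Get-Item -LiteralPath $CommandKey -ErrorAction SilentlyContinue
$exe = if ($key) { Get-EdgePathFromCommand ($key.GetValue('')) }   # '' reads the (Default) value

if (-not $key) {
    Write-Output 'Edge registration key not found; QID not applicable on this host.'
}
elseif (-not $exe -or -not (Test-Path -LiteralPath $exe)) {
    Write-Output "Registered msedge.exe path is missing or unreadable: $exe"
}
else {
    $installed = Get-FileVersion $exe
    # [version] compares component by component, so 89.0.774.8 sorts below 89.0.774.77.
    [pscustomobject]@{
        Path       = $exe
        Installed  = $installed
        FixedIn    = $FixedVersion
        Vulnerable = ($installed -lt $FixedVersion)
    }
}
```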

QID Detection Logic: (authenticated)
Operating System: macOS
The QID checks for a vulnerable version of Microsoft Edge in the installed application list.

Successful exploitation of this vulnerability affects confidentiality, integrity and availability.

  • CVSS V3 rated as Critical - 10 severity.
  • CVSS V2 rated as Critical - 9.7 severity.

Solution:
Customers are advised to upgrade to version 89.0.774.77 or later. For further details, refer to the advisory links below.

Software Advisories for the CVEs related to QID 375446:
CVE-2021-21206: msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21206
CVE-2021-21220: msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21220