News, tips, advice, support for Windows, Office, PCs & more
Home icon Home icon Home icon Email icon RSS icon

We're community supported and proud of it!

  • Zero days in browser

    Home » Forums » AskWoody blog » Zero days in browser

    • This topic has 13 replies, 10 voices, and was last updated 1 month ago.
    Author
    Topic
    #2398546

    Whether or not you’ve installed the October updates, make sure your Chrome – and even Edge – browser is up to date. Two in-the-wild 0-days patched by
    [See the full post at: Zero days in browser]

    Susan Bradley Patch Lady

    7 users thanked author for this post.
    Viewing 8 reply threads
    Author
    Replies
    • #2398575

      Susan,

      Thanks for the heads up otherwise none the wiser. Checked and made sure both Google Chrome and Edge browsers are up to date.

      Cheers.

    • #2398596

      I just made sure that IE was up to date in Windows 8.1

       

    • #2398641

      Edge Version 95.0.1020.38
      Chrome Version 96.0.4664.27 beta (Chrome Stable is 95.0.4638.69).

      1 user thanked author for this post.
    • #2398678

      I probably know the answer to this – but does this apply to Firefox, too? I am still on FF version 88, and am reluctant to upgrade due to the horrible interface FF is now using. I had upgraded, and hated it, so I rolled back to v 88. Does this zero day affect FF as well? I do have MBAE turned on for FF. Thanks!

       

    • #2398685

      I just let my browsers update when they need to.  I use Firefox on my workstation and Edge on my television PC.  I like Edge for streaming as it is easier to put all the weblinks on the home page with decent sized icons.  I also let the Windows update do so automatically on the day they issue as this PC dose not do anything other than stream and run a television tuner; no printing or any other apps.

      • #2398973

        I’m not sure if this particular security update applies to Firefox, as it uses a different underlying engine. However, there are very likely security bugs that have been fixed since version 88.

        I would very much recommend updating Firefox. If you don’t want it to change out from under you as often, I’d suggest installing the ESR version, and go with ESR 92.2.o, as that will reduce the number of non-security updates that you get. I’d also google for ways to alter Firefox Photon to look more like the previous version. I’d recommend reading this Reddit thread for instructions: https://www.reddit.com/r/firefox/comments/ojzf0m/proton_firefox_91_removes_the_options_to_disable/

        Probably the main thing that bothers most people is the UI getting bigger. If that’s your issue, then I suggest following the directions here: https://support.mozilla.org/en-US/kb/compact-mode-workaround-firefox

        1 user thanked author for this post.
    • #2398693

      Edge Version 95.0.1020.38
      Chrome Version 96.0.4664.27 beta (Chrome Stable is 95.0.4638.69).

      Hi Alex5723:

      Are those your current browser versions or the patched versions? I checked Microsoft’s Security Update Guide at https://msrc.microsoft.com/update-guide this morning (29-Oct-2021) and it doesn’t appear that MS Edge has been patched yet for either CVE-2021-38000 or CVE-2021-38003. The release notes for MS Edge v95.0.1020.38 (rel. 28-Oct-2021) at https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnote-stable-channel also don’t mention any specific CVEs that were patched in this version.
      ———–
      Dell Inspiron 5584 * 64-bit Win 10 Pro v21H1 build 19043.1288 * Firefox v93.0.0 * MS Edge v95.0.1020.38

      2 users thanked author for this post.
      • #2398725

        Well-spotted. I had assumed that yesterday’s update for Edge included these patches, but it did not:

        October 28, 2021

        Microsoft is aware of the recent exploit existing in the wild. We are actively working on releasing a security patch as reported by the Chromium team.

        Release notes for Microsoft Edge Security Updates

        Windows 10 Pro version 21H2 build 19044.1387 + Microsoft 365 (group ASAP)

        3 users thanked author for this post.
    • #2398751

      Microsoft Edge for Linux is Now Stable

      Microsoft Edge for Linux has reached stable status after spending more than a year in development….

      Edge for Linux also shares the same version cadence as windows., so this wont have CVE-2021-38000 or CVE-2021-38003 zero days patched either..

      | Quality over Quantity |
    • #2398754

      As a newbie to Edge, how does one update it please?

      • #2398755

        Edge is updated automatically.
        You can update manually : … (3 dots) – help and feedback – about Microsoft Edge

        1 user thanked author for this post.
    • #2398787

      Edge 95.0.1020.40 is now available:

      October 29, 2021

      Microsoft has released the latest Microsoft Edge Stable Channel (Version 95.0.1020.40), which incorporates the latest Security Updates of the Chromium project. This update contains a fix for CVE-2021-38000 and CVE-2021-38003 which have been reported by the Chromium team as having an exploit in the wild. For more information, see the Security Update Guide.

      Release notes for Microsoft Edge Security Updates

      Windows 10 Pro version 21H2 build 19044.1387 + Microsoft 365 (group ASAP)

      2 users thanked author for this post.
      • #2398788

        Good catch. Upgraded to 95.0.1020.38 a couple of hours ago and just now upgraded to 95.0.1020.40.

    Viewing 8 reply threads
    Reply To: Zero days in browser

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.