New Microsoft Edge 115 Update Addresses 14 Major Security Concerns

On July 21, 2023, Microsoft launched the latest versions of Microsoft Edge Stable and Microsoft Edge Extended Stable to the release channel. The update for Microsoft Edge Stable resolves 14 security flaws in the browser, with three specifically related to Edge and the remaining 11 impacting Chromium.

Chromium serves as the foundation for Microsoft Edge, shared with browsers like Google Chrome, Brave, Vivaldi, and Opera.

Shortly before this, Google rolled out an update for Chrome addressing a total of 20 security issues.

The update has already been rolled out. Users of Edge can verify their current version by selecting Menu > Help > About Microsoft Edge. The browser automatically checks for updates upon accessing the help page, downloading and installing any identified updates.

Following the update installation, the browser version displayed should be 115.0.1901.183 (Microsoft Edge Stable) or 114.0.1823.90 (Microsoft Edge Extended Stable).

Microsoft highlights addressing three Edge-specific vulnerabilities and 11 vulnerabilities affecting all Chromium-based browsers.

One of the Edge-specific vulnerabilities exclusively impacts the Android version. These three vulnerabilities carry moderate to low severity ratings.

• Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability — CVE-2023-38187
• Microsoft Edge for Android Spoofing Vulnerability — CVE-2023-38173
• Microsoft Edge (Chromium-based) Spoofing Vulnerability — CVE-2023-35392

The eleven Chromium-specific security issues are detailed on the Microsoft Update Guide website.

Microsoft Edge 115 brings in several new policies and a solitary addition. The Microsoft Edge management service is a fresh feature in the Microsoft 365 admin center, offering administrators browser management control.

Administrators can establish all Edge policies there, as per Microsoft’s guidance. Further details on the functionality are available on a recently published support page. This feature is exclusively accessible on Microsoft Edge 115 or later versions on Windows 10, Windows 11, or Windows Server 2016 and beyond.

The following new policies have been introduced in Edge 115:

• ComposeInlineEnabled – Enables writing on the web using Compose
• EdgeManagementEnabled – Activates Microsoft Edge management
• EdgeManagementEnrollmentToken – Facilitates Microsoft Edge management enrollment token
• EdgeManagementExtensionsFeedbackEnabled – Enables Microsoft Edge management extensions feedback
• EnhanceSecurityModeIndicatorUIEnabled – Controls the indicator UI of the Enhanced Security Mode (ESM) feature in Microsoft Edge
• EnhanceSecurityModeOptOutUXEnabled – Manages the opt-out user experience for Enhanced Security Mode (ESM) in Microsoft Edge
• SearchForImageEnabled – Activates image search
• WalletDonationEnabled – Enables Wallet Donation

Administrators are strongly recommended to promptly update the browser to safeguard against potential exploits targeting the addressed security loopholes.

Image Source: Unsplash