Advisory

Microsoft Edge releases new version patching bugs, and an important privacy change

Take action: If you use Microsoft Edge, update to the latest version; it's extremely quick. If you are concerned about privacy, also disable the new telemetry (the sending of search histories to external parties).


Learn More

Microsoft has released version 120.0.2210.61 of the Edge browser, addressing a mix of inherited Chromium bugs and Edge-specific security vulnerabilities.

  • The most critical is tracked as CVE-2023-35618 (CVSS score 9.6), a vulnerability that could lead to a browser sandbox escape and code execution. Exploiting this flaw requires user interaction, such as visiting a specially crafted website and opening a file. Despite its critical CVSS score, Microsoft has classified it as a medium risk because it requires more than a single click or keystroke to exploit.
  • The update also patches two information disclosure vulnerabilities, CVE-2023-36880 and CVE-2023-38174, with CVSS scores of 4.8 and 4.3, respectively. These vulnerabilities are considered less severe because they carry only a limited risk of exposing sensitive information.

Privacy change - The release notes of Edge version 120 discreetly mention a policy change titled "Edge 3P SERP Telemetry Enabled," which allows the forwarding of search histories to external parties unless explicitly deactivated by users or system administrators.
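The two actions in this advisory can be checked per machine with a short PowerShell audit. This is an added example, not code from Microsoft or from this advisory. It assumes Edge Stable is installed at its default per-machine paths and that the policy titled "Edge 3P SERP Telemetry Enabled" is stored as the `Edge3PSerpTelemetryEnabled` DWORD under the Edge policy registry key.

```powershell
# Added example: audit one Windows machine for the two actions in this advisory.
$FixedVersion = [version]'120.0.2210.61'        # fixed version named in the advisory
$PolicyKey    = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
$PolicyName   = 'Edge3PSerpTelemetryEnabled'    # assumed registry name of the policy

# Assumption: Edge Stable in its default per-machine install locations.
$EdgePaths = @(
    "${env:ProgramFiles(x86)}\Microsoft\Edge\Application\msedge.exe",
    "$env:ProgramFiles\Microsoft\Edge\Application\msedge.exe"
)

function Get-EdgeVersion {
    foreach ($p in $EdgePaths) {
        if (Test-Path -LiteralPath $p) {
            return [version](Get-Item -LiteralPath $p).VersionInfo.ProductVersion
        }
    }
    return $null    # Edge not found at the assumed paths
}

function Get-SerpTelemetryPolicy {
    $v = Get-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue
    if ($null -eq $v) { return 'NotConfigured' }    # not explicitly deactivated
    if ($v.$PolicyName -eq 0) { return 'Disabled' } else { return 'Enabled' }
}

function Disable-SerpTelemetryPolicy {
    # Requires an elevated session; writes the machine-wide policy value.
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    New-ItemProperty -Path $PolicyKey -Name $PolicyName -Value 0 `
        -PropertyType DWord -Force | Out-Null
}

# Report: is the browser at or above the fixed version, and is the policy off?
$installed = Get-EdgeVersion
[pscustomobject]@{
    Computer      = $env:COMPUTERNAME
    EdgeVersion   = $installed
    Patched       = ($null -ne $installed) -and ($installed -ge $FixedVersion)
    SerpTelemetry = Get-SerpTelemetryPolicy
}
# To remediate on this machine, call Disable-SerpTelemetryPolicy and restart Edge.
```

A `NotConfigured` result means the policy has not been explicitly deactivated, which per the release notes leaves the forwarding allowed.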
