Vivaldi and Microsoft patch 0-day vulnerability in their browsers
Vivaldi and Microsoft have released updates for their web browsers that address security issues, including one that is exploited actively in the wild.
Vivaldi Technologies announced the release of a minor update for the desktop version of the Vivaldi web browser on April 15, 2022. The new version of the web browser is available already and is downloaded and installed automatically on most devices.
Vivaldi users may speed up the installation of the update by selecting Vivaldi Menu > Help > Check for Updates. The page that opens displays the current version that is installed; a newer version is downloaded and installed automatically at this point, if available.
The release announcement on the Vivaldi website is short, but to the point:
[Chromium] Upgraded to 100.0.4896.133 (includes fix for CVE-2022-1364)
Vivaldi released five minor updates for version 5.2 of the browser, which it released in early April 2022.
Microsoft published an update for the desktop version of its Microsoft Edge web browser as well. The update is available already and should be distributed to most devices running Edge automatically.
Edge users may speed up the installation of the update by loading edge://settings/help in the browser's address bar. The page that opens displays the installed version. A check for a newer version is performed automatically on page open, and any new version that is found is downloaded and installed automatically.
The release notes for Microsoft Edge 100.0.1185.44 confirm that the update includes the security fix for the Chromium vulnerability that is exploited in the wild:
This update contains a fix for CVE-2022-1364, which has been reported by the Chromium team as having an exploit in the wild. For more information, see the Security Update Guide.
Microsoft notes that the update includes a fix for the Edge-specific vulnerability as well. The vulnerability, CVE-2022-29144, fixes an elevation of privilege vulnerability in Microsoft's browser. The Edge-specific issue is not exploited actively according to Microsoft.
Google released a security update for its Chrome web browser as well to address the security issues.Advertisement