Microsoft Edge 115 fixes 14 security issues
Microsoft released new versions of Microsoft Edge Stable and Microsoft Edge Extended Stable to the release channel on July 21, 2023. The Microsoft Edge Stable update fixes 14 unique security issues in the browser, three of which are Edge-specific and the remaining 11 Chromium-specific.
Chromium makes the core of Microsoft Edge, which it shares with Google Chrome, Brave, Vivaldi, Opera and other web browsers.
Google released an update for its Chrome web browser just a day earlier that addressed a total of 20 different security issues.
The update is available already. Edge users may select Menu > Help > About Microsoft Edge to display the current version of the browser that is installed on the device. Microsoft Edge runs an automatic update check when the help page is opened and will download and install any update that it finds.
The browser should display the version 115.0.1901.183 (Microsoft Edge Stable) or 114.0.1823.90 (Microsoft Edge Extended Stable) after the latest update has been installed.
Microsoft reveals here that it addressed three Edge-specific vulnerabilities and eleven vulnerabilities affecting all Chromium-based web browsers.
One of the Edge-specific vulnerabilities affects the Android version of the browser only. The three vulnerabilities have severity ratings of moderate and low.
- Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability -- CVE-2023-38187
- Microsoft Edge for Android Spoofing Vulnerability -- CVE-2023-38173
- Microsoft Edge (Chromium-based) Spoofing Vulnerability -- CVE-2023-35392
The eleven Chromium-specific security issues are listed on the Microsoft Update Guide website.
Microsoft Edge 115 introduces a handful of new policies and just a single new feature. Microsoft Edge management service is a new area in the Microsoft 365 admin center that gives administrators management control over the browser.
Administrators may configure all Edge policies there according to Microsoft. A newly published support page provides additional details on the functionality. Availability is limited to Microsoft Edge 115 or newer on Windows 10, Windows 11 or Windows Server 2016 or newer.
Microsoft lists the following new policies that it added in Edge 115:
- ComposeInlineEnabled - Compose is enabled for writing on the web
- EdgeManagementEnabled - Microsoft Edge management enabled
- EdgeManagementEnrollmentToken - Microsoft Edge management enrollment token
- EdgeManagementExtensionsFeedbackEnabled - Microsoft Edge management extensions feedback enabled
- EnhanceSecurityModeIndicatorUIEnabled - Manage the indicator UI of the Enhanced Security Mode (ESM) feature in Microsoft Edge
- EnhanceSecurityModeOptOutUXEnabled - Manage opt-out user experience for Enhanced Security Mode (ESM) in Microsoft Edge
- SearchForImageEnabled - Search for image enabled
- WalletDonationEnabled - Wallet Donation Enabled
Administrators should upgrade the browser as soon as possible to protect the browser against potential attacks targeting the closed security vulnerabilities.
Now You: do you use Microsoft Edge?
I’m not seeing any of these new policies in the GPE.
Do I need to download an updated policies template or are the new policies only available through this Microsoft 365 admin center?
The latest policy template is available here. https://www.microsoft.com/en-us/edge/business/download?ch&form=MA13FJ
@Martin, Thank you.
I’m old so I have to write stuff down (create a text file), like how to install/update the Group Policies for Edge since it doesn’t happen automatically and I forget how to do it.
So, here’s my notes in case anyone else forgets how to do it in windows.
Copy the 3 admx files from MicrosoftEdgePolicyTemplates.zip\windows\admx to C:\Windows\PolicyDefinitions
msedge.admx
msedgeupdate.admx
msedgewebview2.admx
Copy the 3 adml files from MicrosoftEdgePolicyTemplates.zip\windows\admx\en-US to C:\Windows\PolicyDefinitions\en-US
(Subsitute en-US for language you use)
msedge.adml
msedgeupdate.adml
msedgewebview2.adml
This is what you get when you base your browser on Google’s shoddy workmanship – you get a lot of security vulnerabilities due to Google’s incessant coding errors.
Mozilla aint much better Yanno Andy
In this area of security vulnerabilities due to coder errors, its track record is actually quite a bit better. However, I don’t use chromium-based browsers or Firefox myself.
@Andy Prough
Almost nobody looks at the Firefox code when compared to the Chromium code. A codebase much less tested than Chromium will nominally (not actually) present you with fewer issues. Shocker.
Thanks @Martin for the article! :]