In Edge stable version 99.0.1150.46, released yesterday, a security vulnerability was fixed. The vulnerability is numbered “CVE-2022-26899” and is a privilege escalation vulnerability. The underlying Chromium version 99.0.4844.74 also has several security patches, one of which is a critical patch.
These patch fixes are as follows:
- [1299422] Critical CVE-2022-0971: Use after free exists in Blink layout. Reported by Sergei Glazunov of Google Project Zero on 2022-02-21.
- [1301320] High CVE-2022-0972. Find Use after free in Extensions. Reported by Sergei Glazunov at Google Project Zero on 2022-02-28.
- [1297498] High CVE-2022-0973. Found Use after free in Safe Browsing. Reported by SSL’s avaue and Buff3tts on 2022-02-15
- [1291986] High CVE-2022-0974: Use after free exists in split-screen. Reported by @ginggilBesel on 2022-01-28
- [1295411] High CVE-2022-0975: Use after free exists in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-02-09
- [1296866] High CVE-2022-0976: Heap buffer overflow in GPU. Reported by Omair on 2022-02-13
- [1299225] High CVE-2022-0977: Use after release in browser UI. Reported by Khalil Zhani on 2022-02-20
- [1299264] High CVE-2022-0978. Use after free exists in ANGLE. Reporting by Cassidy Kim, Amber Security Lab, OPPO Mobile Communications Company. Ltd. on 2022-02-20
- [1302644] High CVE-2022-0979: Use after free exists in Safe Browsing. Reported by Anonymous on 2022-03-03
- [1302157] in CVE-2022-0980. Use after free exists in the new tab page. Reported by Krace on 2022-03-02