SOLVED

CVE-2020-15999

%3CLINGO-SUB%20id%3D%22lingo-sub-1807333%22%20slang%3D%22en-US%22%3ECVE-2020-15999%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1807333%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3Eis%20Edge%20concerned%20by%20the%20FreeType%200-day%20%3F%20If%20yes%2C%20what%20version%20fixes%20it%20%3F%3C%2FP%3E%3CP%3EThanks.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1807453%22%20slang%3D%22en-US%22%3ERe%3A%20CVE-2020-15999%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1807453%22%20slang%3D%22en-US%22%3EIt's%20safe%20to%20assume%20it's%20been%20already%20added%20to%20Edge%2C%20based%20on%20what%20I%20see%20in%20the%20past%20few%20months%2C%20the%20updates%20are%20added%20quickly.%3CBR%20%2F%3E%3CBR%20%2F%3Ethe%20reason%20I%20think%20it's%20already%20added%20is%20because%20if%20you%20look%20at%20here%3A%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-us%2Fsecurity-guidance%2Fadvisory%2FADV200002%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fportal.msrc.microsoft.com%2Fen-us%2Fsecurity-guidance%2Fadvisory%2FADV200002%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3Eand%20here%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fdeployedge%2Fmicrosoft-edge-relnotes-security%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fdeployedge%2Fmicrosoft-edge-relnotes-security%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3Ethe%20latest%20vision%20in%20there%20is%2086.0.622.38%3CBR%20%2F%3Ewhile%20Edge%20stable%20is%20currently%20at%20Version%2086.0.622.48%20(Official%20build)%20(64-bit)%3CBR%20%2F%3E%3CBR%20%2F%3Eso%20even%20though%20they%20haven't%20updated%20those%20change%20logs%20yet%2C%20I%20think%20it's%20already%20in%20the%20browser%20and%20that%20explains%20the%20higher%20version%20in%20Edge.%20I%20hope%20they%20update%20those%20websites%20faster%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1807498%22%20slang%3D%22en-US%22%3ERe%3A%20CVE-2020-15999%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1807498%22%20slang%3D%22en-US%22%3E%3CP%3EI%20don't%20think%20it's%20added%20to%20Edge%20stable%20yet%2C%20could%20be%20wrong%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFirst%2C%20looking%20at%20these%20websites%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-us%2Fsecurity-guidance%2Fadvisory%2FADV200002%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fportal.msrc.microsoft.com%2Fen-us%2Fsecurity-guidance%2Fadvisory%2FADV200002%3C%2FA%3E%3CBR%20%2F%3E%3CSPAN%3Eand%20here%3C%2FSPAN%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fdeployedge%2Fmicrosoft-edge-relnotes-security%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fdeployedge%2Fmicrosoft-edge-relnotes-security%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CSPAN%3Ethe%20latest%20vision%20in%20there%20is%2086.0.622.38%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3Ewhile%20Edge%20stable%20is%20currently%20at%20Version%2086.0.622.48%3C%2FSPAN%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3CP%3Eso%20they%20haven't%20updated%20them%20yet.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Esecond%2C%20in%20Edge%20stable%26nbsp%3B%3CSPAN%3EVersion%2086.0.622.48%2C%20the%20Chromium%20version%20is%26nbsp%3B86.0.4240.80%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EBut%26nbsp%3BCVE-2020-15999%20got%20fixed%20in%26nbsp%3B86.0.4240.111%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fchromereleases.googleblog.com%2F2020%2F10%2Fstable-channel-update-for-desktop_20.html%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fchromereleases.googleblog.com%2F2020%2F10%2Fstable-channel-update-for-desktop_20.html%3C%2FA%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1809954%22%20slang%3D%22en-US%22%3ERe%3A%20CVE-2020-15999%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1809954%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F841919%22%20target%3D%22_blank%22%3E%40NotMyUsername%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EUpdate%3A%3C%2FP%3E%3CP%3E%3CSTRONG%3EEdge%20now%20has%20this%20security%20patch%3C%2FSTRONG%3E%2C%20stable%20just%20got%20updated%20to%26nbsp%3B%3CSPAN%3EVersion%2086.0.622.51%20(Official%20build)%20(64-bit)%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CDIV%20class%3D%22lia-spoiler-container-editor%22%3E%3CTABLE%20border%3D%220%22%20cellspacing%3D%220%22%20cellpadding%3D%220%22%3E%3CTBODY%3E%3CTR%3E%3CTD%3EUser%20agent%3C%2FTD%3E%3CTD%3EMozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F%3CSTRONG%3E86.0.4240.111%3C%2FSTRONG%3E%20Safari%2F537.36%20Edg%2F86.0.622.%3CSTRONG%3E51%3C%2FSTRONG%3E%3C%2FTD%3E%3C%2FTR%3E%3C%2FTBODY%3E%3C%2FTABLE%3E%3C%2FDIV%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Visitor

Hello,

is Edge concerned by the FreeType 0-day ? If yes, what version fixes it ?

Thanks.

2 Replies

I don't think it's added to Edge stable yet, could be wrong

 

First, looking at these websites

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200002
and here
https://docs.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security

the latest vision in there is 86.0.622.38
while Edge stable is currently at Version 86.0.622.48

so they haven't updated them yet.

 

second, in Edge stable Version 86.0.622.48, the Chromium version is 86.0.4240.80

 

But CVE-2020-15999 got fixed in 86.0.4240.111

 

https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html

 

best response confirmed by NotMyUsername (Occasional Visitor)
Solution

@NotMyUsername 

Update:

Edge now has this security patch, stable just got updated to Version 86.0.622.51 (Official build) (64-bit)

 

User agentMozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36 Edg/86.0.622.51