SOLVED

CVE-2020-15999

%3CLINGO-SUB%20id%3D%22lingo-sub-1807333%22%20slang%3D%22en-US%22%3ECVE-2020-15999%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1807333%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3Eis%20Edge%20concerned%20by%20the%20FreeType%200-day%20%3F%20If%20yes%2C%20what%20version%20fixes%20it%20%3F%3C%2FP%3E%3CP%3EThanks.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1807453%22%20slang%3D%22en-US%22%3ERe%3A%20CVE-2020-15999%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1807453%22%20slang%3D%22en-US%22%3EIt's%20safe%20to%20assume%20it's%20been%20already%20added%20to%20Edge%2C%20based%20on%20what%20I%20see%20in%20the%20past%20few%20months%2C%20the%20updates%20are%20added%20quickly.%3CBR%20%2F%3E%3CBR%20%2F%3Ethe%20reason%20I%20think%20it's%20already%20added%20is%20because%20if%20you%20look%20at%20here%3A%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-us%2Fsecurity-guidance%2Fadvisory%2FADV200002%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fportal.msrc.microsoft.com%2Fen-us%2Fsecurity-guidance%2Fadvisory%2FADV200002%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3Eand%20here%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fdeployedge%2Fmicrosoft-edge-relnotes-security%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fdeployedge%2Fmicrosoft-edge-relnotes-security%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3Ethe%20latest%20vision%20in%20there%20is%2086.0.622.38%3CBR%20%2F%3Ewhile%20Edge%20stable%20is%20currently%20at%20Version%2086.0.622.48%20(Official%20build)%20(64-bit)%3CBR%20%2F%3E%3CBR%20%2F%3Eso%20even%20though%20they%20haven't%20updated%20those%20change%20logs%20yet%2C%20I%20think%20it's%20already%20in%20the%20browser%20and%20that%20explains%20the%20higher%20version%20in%20Edge.%20I%20hope%20they%20update%20those%20websites%20faster%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1807498%22%20slang%3D%22en-US%22%3ERe%3A%20CVE-2020-15999%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1807498%22%20slang%3D%22en-US%22%3E%3CP%3EI%20don't%20think%20it's%20added%20to%20Edge%20stable%20yet%2C%20could%20be%20wrong%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFirst%2C%20looking%20at%20these%20websites%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-us%2Fsecurity-guidance%2Fadvisory%2FADV200002%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fportal.msrc.microsoft.com%2Fen-us%2Fsecurity-guidance%2Fadvisory%2FADV200002%3C%2FA%3E%3CBR%20%2F%3E%3CSPAN%3Eand%20here%3C%2FSPAN%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fdeployedge%2Fmicrosoft-edge-relnotes-security%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fdeployedge%2Fmicrosoft-edge-relnotes-security%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CSPAN%3Ethe%20latest%20vision%20in%20there%20is%2086.0.622.38%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3Ewhile%20Edge%20stable%20is%20currently%20at%20Version%2086.0.622.48%3C%2FSPAN%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3CP%3Eso%20they%20haven't%20updated%20them%20yet.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Esecond%2C%20in%20Edge%20stable%26nbsp%3B%3CSPAN%3EVersion%2086.0.622.48%2C%20the%20Chromium%20version%20is%26nbsp%3B86.0.4240.80%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EBut%26nbsp%3BCVE-2020-15999%20got%20fixed%20in%26nbsp%3B86.0.4240.111%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fchromereleases.googleblog.com%2F2020%2F10%2Fstable-channel-update-for-desktop_20.html%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fchromereleases.googleblog.com%2F2020%2F10%2Fstable-channel-update-for-desktop_20.html%3C%2FA%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1809954%22%20slang%3D%22en-US%22%3ERe%3A%20CVE-2020-15999%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1809954%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F841919%22%20target%3D%22_blank%22%3E%40NotMyUsername%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EUpdate%3A%3C%2FP%3E%3CP%3E%3CSTRONG%3EEdge%20now%20has%20this%20security%20patch%3C%2FSTRONG%3E%2C%20stable%20just%20got%20updated%20to%26nbsp%3B%3CSPAN%3EVersion%2086.0.622.51%20(Official%20build)%20(64-bit)%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CDIV%20class%3D%22lia-spoiler-container-editor%22%3E%3CTABLE%20border%3D%220%22%20cellspacing%3D%220%22%20cellpadding%3D%220%22%3E%3CTBODY%3E%3CTR%3E%3CTD%3EUser%20agent%3C%2FTD%3E%3CTD%3EMozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F%3CSTRONG%3E86.0.4240.111%3C%2FSTRONG%3E%20Safari%2F537.36%20Edg%2F86.0.622.%3CSTRONG%3E51%3C%2FSTRONG%3E%3C%2FTD%3E%3C%2FTR%3E%3C%2FTBODY%3E%3C%2FTABLE%3E%3C%2FDIV%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Visitor

Hello,

is Edge concerned by the FreeType 0-day ? If yes, what version fixes it ?

Thanks.

2 Replies
Highlighted

I don't think it's added to Edge stable yet, could be wrong

 

First, looking at these websites

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200002
and here
https://docs.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security

the latest vision in there is 86.0.622.38
while Edge stable is currently at Version 86.0.622.48

so they haven't updated them yet.

 

second, in Edge stable Version 86.0.622.48, the Chromium version is 86.0.4240.80

 

But CVE-2020-15999 got fixed in 86.0.4240.111

 

https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html

 

Highlighted
Best Response confirmed by NotMyUsername (Occasional Visitor)
Solution

@NotMyUsername 

Update:

Edge now has this security patch, stable just got updated to Version 86.0.622.51 (Official build) (64-bit)

 

User agentMozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36 Edg/86.0.622.51