SOLVED

CVE-2022-1096 - Edge Extended Stable Track

%3CLINGO-SUB%20id%3D%22lingo-sub-3270620%22%20slang%3D%22en-US%22%3ECVE-2022-1096%20-%20Edge%20Extended%20Stable%20Track%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3270620%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3CBR%20%2F%3E%3CBR%20%2F%3ECan%20anyone%20confirm%20whether%20Edge%20Extended%20Stable%26nbsp%3B98.0.1108.92%20contains%20the%20fix%20for%20CVE-2022-1096%3F%20Our%20org's%20information%20security%20team%20has%20some%20urgency%20attached%20to%20this%20and%20I'd%20prefer%20not%20to%20have%20to%20switch%20tracks.%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fmsrc.microsoft.com%2Fupdate-guide%2Fvulnerability%2FCVE-2022-1096%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ECVE-2022-1096%20-%20Security%20Update%20Guide%20-%20Microsoft%20-%20Chromium%3A%20CVE-2022-1096%20Type%20Confusion%20in%20V8%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EThanks!%3CBR%20%2F%3EAndrew%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3272297%22%20slang%3D%22en-US%22%3ERe%3A%20CVE-2022-1096%20-%20Edge%20Extended%20Stable%20Track%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3272297%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F458117%22%20target%3D%22_blank%22%3E%40AndrewSAIF%3C%2FA%3E%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F757644%22%20target%3D%22_blank%22%3E%40Kelly_Y%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EThats%20what%20i%20am%20begging%20for%20since%20weeks.%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fenterprise%2Fno-documented-security-fixes-in-extended-stable-channel%2Fm-p%2F3263159%22%20target%3D%22_blank%22%3ENo%20documented%20security%20fixes%20in%20extended%20stable%20channel%20-%20Microsoft%20Tech%20Community%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eand%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fenterprise%2Fstill-no-extended-stable-with-urgent-security-fixes-in-download%2Fm-p%2F3249859%22%20target%3D%22_blank%22%3EStill%20no%20extended%20stable%20with%20urgent%20security%20Fixes%20in%20download%20-%20Microsoft%20Tech%20Community%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3270972%22%20slang%3D%22en-US%22%3ERe%3A%20CVE-2022-1096%20-%20Edge%20Extended%20Stable%20Track%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3270972%22%20slang%3D%22en-US%22%3EThanks%20for%20the%20quick%20response%2C%20Kelly.%20I%20think%20it%20would%20be%20less%20confusing%20for%20folks%20if%20the%20Edge%20Extended%20Stable%20versions%20called%20out%20critical%20security%20patches%20similar%20to%20the%20regular%20Stable%20versions%20on%20the%20Release%20Notes%20page.%3CBR%20%2F%3E%3CBR%20%2F%3EAppreciate%20the%20info!%3CBR%20%2F%3EAndrew%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3270950%22%20slang%3D%22en-US%22%3ERe%3A%20CVE-2022-1096%20-%20Edge%20Extended%20Stable%20Track%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3270950%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F458117%22%20target%3D%22_blank%22%3E%40AndrewSAIF%3C%2FA%3E%26nbsp%3BHello!%26nbsp%3B%20Our%20developers%20have%20said%20t%3CSPAN%3Ehe%20fix%20for%20CVE-2022-1096%20was%20backported%26nbsp%3Bto%20MS%20Edge%20Extended%20Stable%20v98.0.1108.92.%26nbsp%3B%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ECurrently%20Microsoft%20Edge%20is%20aligned%20with%20Chrome%20in%20regards%20to%20the%20disclosure%20of%20Security%20Updates%20for%20Extended%20Stable%20releases.%20We%20are%20evaluating%20ways%20to%20make%20improvements%20in%20the%20future.%26nbsp%3B%20Thanks!%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CEM%3E-Kelly%26nbsp%3B%26nbsp%3B%3C%2FEM%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Contributor

Hello,

Can anyone confirm whether Edge Extended Stable 98.0.1108.92 contains the fix for CVE-2022-1096? Our org's information security team has some urgency attached to this and I'd prefer not to have to switch tracks. 

CVE-2022-1096 - Security Update Guide - Microsoft - Chromium: CVE-2022-1096 Type Confusion in V8

Thanks!
Andrew

3 Replies
best response confirmed by AndrewSAIF (Contributor)
Solution

@AndrewSAIF Hello!  Our developers have said the fix for CVE-2022-1096 was backported to MS Edge Extended Stable v98.0.1108.92.  

 

Currently Microsoft Edge is aligned with Chrome in regards to the disclosure of Security Updates for Extended Stable releases. We are evaluating ways to make improvements in the future.  Thanks!

 

-Kelly  

Thanks for the quick response, Kelly. I think it would be less confusing for folks if the Edge Extended Stable versions called out critical security patches similar to the regular Stable versions on the Release Notes page.

Appreciate the info!
Andrew