Edge 86.0.622.38 Sicherheitsupdate

[English]Microsoft hat zum 8. Oktober 2020 den Chromium Edge Browser auf die Version 86.0.622.38 aktualisiert. Diese Version leitet einen neuen Entwicklungszweig ein und behebt nebenbei eine Reihe kritischer Schwachstellen.

Der Browser basiert auf der Chromium Version 86.0.4240.75 und sollte sich automatisch aktualisieren. Das Browser-Update schließt laut ADV200002 folgende als hoch bewertete Schwachstellen:

CVE-2020-6557, CVE-2020-15968,
CVE-2020-15969, CVE-2020-15971,
CVE-2020-15972, CVE-2020-15973,
CVE-2020-15974, CVE-2020-15975,
CVE-2020-15977, CVE-2020-15979,
CVE-2020-15981, CVE-2020-15982,
CVE-2020-15985, CVE-2020-15987,
CVE-2020-15988, CVE-2020-15989,
CVE-2020-15990, CVE-2020-15991,
CVE-2020-15992

In den Release Notes kündigt Microsoft folgende Neuerungen an:

• Roll back to previous Microsoft Edge version. The rollback feature lets administrators revert to a known good version of Microsoft Edge if there's an issue in the latest version of Microsoft Edge. Note: Stable version 86.0.622.38 is the first version you can roll back to, which means that Stable version 87 is the first version ready to rollback from. Learn more.
• Enforce enabling Sync by default across the enterprise. Administrators can enable synchronization for Azure Active Directory (Azure AD) accounts by default with the ForceSync policy.
• Automatic profile switching on Windows 7 and 8.1. The automatic profile switching currently available in Microsoft Edge on Windows 10 is extended to downlevel Windows (Windows 7 and 8.1). For more information, see the automatic profile switching blog post.
• SameSite=Lax Cookies By Default. To improve web security and privacy, cookies will now default to SameSite=Lax handling by default. This means that cookies will only be sent in a first-party context and will be omitted for requests sent to third-parties. This change can cause compatibility impact on websites that require cookies for third-party resources to function correctly. To permit such cookies, web developers can mark cookies which should be set from and sent to third-party contexts by adding explicit SameSite=none and Secure attributes when the cookie is set. Enterprises that wish to exempt certain sites from this change can do so using the LegacySameSiteCookieBehaviorEnabledForDomainList policy, or can opt-out of the change across all sites using the LegacySameSiteCookieBehaviorEnabled policy.
• Remove the HTML5 Application Cache API. Beginning with Microsoft Edge version 86, the legacy Application Cache API that enables offline use of web pages is being removed from Microsoft Edge. Web Developers should review the WebDev documentation for information on replacing the Application Cache API with Service Workers. Important: You can request an AppCache OriginTrial Token that allows sites to continue to use the deprecated Application Cache API until Microsoft Edge version 90.
• Privacy and Security:
  • Replace MetricsReportingEnabled and SendSiteInformationToImproveServices policies for downlevel Windows and macOS. These policies are deprecated in Microsoft Edge version 86 and will become obsolete in Microsoft Edge version 89.
    These policies are replaced by Allow Telemetry on Windows 10, and the new DiagnosticData policy for all other platforms. This will let users manage the diagnostic data that gets sent to Microsoft for Windows 7, 8, 8.1 and macOS.
  • Secure DNS (DNS-over-HTTPS) support. Beginning with Microsoft Edge version 86, settings to control Secure DNS on un-managed devices is available. These settings aren't accessible to users on managed devices, but IT admins can enable or disable Secure DNS using the dnsoverhttpsmode group policy.
  • Passwords found in an online leak. Microsoft Edge checks your passwords against a repository of known-breached credentials and alerts you if a match is found.
• Internet Explorer mode: Let users use the Microsoft Edge User Interface (UI) to test sites in Internet Explorer mode. Beginning with Microsoft Edge version 86, administrators can enable a UI option for their users to load a tab in Internet Explorer mode for testing purposes or as a stopgap until sites are added to the site list XML.
• PDF updates:
  • Table of contents for PDF Documents. Beginning with version 86, Microsoft Edge has added support for table of contents that lets users easily navigate through PDF documents.
  • Access all PDF functionalities on small form factor screens. Access all the capabilities of the Microsoft Edge PDF reader on devices with small screen sizes.
  • Pen support for highlighter on PDF files. With this update, users can use their digital pen to directly highlight text on PDF files, in the same way they would with a physical highlighter and paper.
  • Improved PDF scrolling. You will now be able to experience stutter free scrolling while navigating through long PDF documents.
• Users will see auto complete suggestions when they start typing a search query on the Microsoft Edge Add-ons website. Auto complete will help users quickly complete their search query without having to type the entire string. This will be helpful because users won't have to remember correct spellings and they can choose from the available options that are displayed.
• Add a custom image to the New Tab Page (NTP) using a group policy. Beginning with Microsoft Edge version 86 the NTP has an option to replace the default image with a custom user-supplied image. The ability to manage the properties of this image is also supported by the group policy.
• Match customized keyboard shortcuts to VS Code. Microsoft Edge DevTools now supports customizing keyboard shortcuts in the DevTools to match with your editor/IDE. (In Microsoft Edge 84, we added the ability to match DevTools keyboard shortcuts to VS Code).
• Delete downloads from disk using download manager. Users are now able to delete their downloaded files from their disk without leaving the browser. The new Delete downloads functionality exists within the context menu of downloads shelf or the downloads page.

Eine deutschsprachige Beschreibung der Änderungen findet sich bei Dr. Windows. In den Release Notes gibt es auch Hinweise auf neue Richtlinien für den aktualisierten Edge-Browser.