Gandalf_The_Grey

Level 36
Verified
Trusted
Content Creator
Last edited:

security123

Level 26
Verified
Just got an update today to version 85.0.564.51
No changelog yet:
Several bugs and performance issues have been fixed:
  • Security Fixes -> CVE-2020-6573, CVE-2020-6574, CVE-2020-6575, CVE-2020-6576 and CVE-2020-15959.
 

Gandalf_The_Grey

Level 36
Verified
Trusted
Content Creator
Several bugs and performance issues have been fixed:
  • Security Fixes -> CVE-2020-6573, CVE-2020-6574, CVE-2020-6575, CVE-2020-6576 and CVE-2020-15959.
And now also posted by Microsoft:
Microsoft Edge VersionDate ReleasedBased on Chromium VersionHighest Severity Fix in ReleaseCVEs
85.0.564.519/9/202085.0.4183.102HighCVE-2020-6574, CVE-2020-6575, CVE-2020-6576, CVE-2020-15959
 

Gandalf_The_Grey

Level 36
Verified
Trusted
Content Creator

Gandalf_The_Grey

Level 36
Verified
Trusted
Content Creator
Version 86.0.622.38: October 9
Chromium Security Updates for Microsoft Edge:

Release notes for Microsoft Edge Stable Channel:

Feature updates​

  • Roll back to previous Microsoft Edge version. The rollback feature lets administrators revert to a known good version of Microsoft Edge if there's an issue in the latest version of Microsoft Edge. Note: Stable version 86.0.622.38 is the first version you can roll back to, which means that Stable version 87 is the first version ready to rollback from. Learn more.
  • Enforce enabling Sync by default across the enterprise. Administrators can enable synchronization for Azure Active Directory (Azure AD) accounts by default with the ForceSync policy.
  • Automatic profile switching on Windows 7 and 8.1. The automatic profile switching currently available in Microsoft Edge on Windows 10 is extended to downlevel Windows (Windows 7 and 8.1). For more information, see the automatic profile switching blog post.
  • SameSite=Lax Cookies By Default. To improve web security and privacy, cookies will now default to SameSite=Lax handling by default. This means that cookies will only be sent in a first-party context and will be omitted for requests sent to third-parties. This change can cause compatibility impact on websites that require cookies for third-party resources to function correctly. To permit such cookies, web developers can mark cookies which should be set from and sent to third-party contexts by adding explicit SameSite=none and Secure attributes when the cookie is set. Enterprises that wish to exempt certain sites from this change can do so using the LegacySameSiteCookieBehaviorEnabledForDomainList policy, or can opt-out of the change across all sites using the LegacySameSiteCookieBehaviorEnabled policy.
  • Remove the HTML5 Application Cache API. Beginning with Microsoft Edge version 86, the legacy Application Cache API that enables offline use of web pages is being removed from Microsoft Edge. Web Developers should review the WebDev documentation for information on replacing the Application Cache API with Service Workers. Important: You can request an AppCache OriginTrial Token that allows sites to continue to use the deprecated Application Cache API until Microsoft Edge version 90.
  • Privacy and Security:
    • Replace MetricsReportingEnabled and SendSiteInformationToImproveServices policies for downlevel Windows and macOS. These policies are deprecated in Microsoft Edge version 86 and will become obsolete in Microsoft Edge version 89.
      These policies are replaced by Allow Telemetry on Windows 10, and the new DiagnosticData policy for all other platforms. This will let users manage the diagnostic data that gets sent to Microsoft for Windows 7, 8, 8.1 and macOS.
    • Secure DNS (DNS-over-HTTPS) support. Beginning with Microsoft Edge version 86, settings to control Secure DNS on un-managed devices is available. These settings aren't accessible to users on managed devices, but IT admins can enable or disable Secure DNS using the dnsoverhttpsmode group policy.
    • Passwords found in an online leak. Microsoft Edge checks your passwords against a repository of known-breached credentials and alerts you if a match is found.
  • Internet Explorer mode: Let users use the Microsoft Edge User Interface (UI) to test sites in Internet Explorer mode. Beginning with Microsoft Edge version 86, administrators can enable a UI option for their users to load a tab in Internet Explorer mode for testing purposes or as a stopgap until sites are added to the site list XML.
  • PDF updates:
    • Table of contents for PDF Documents. Beginning with version 86, Microsoft Edge has added support for table of contents that lets users easily navigate through PDF documents.
    • Access all PDF functionalities on small form factor screens. Access all the capabilities of the Microsoft Edge PDF reader on devices with small screen sizes.
    • Pen support for highlighter on PDF files. With this update, users can use their digital pen to directly highlight text on PDF files, in the same way they would with a physical highlighter and paper.
    • Improved PDF scrolling. You will now be able to experience stutter free scrolling while navigating through long PDF documents.
  • Users will see auto complete suggestions when they start typing a search query on the Microsoft Edge Add-ons website. Auto complete will help users quickly complete their search query without having to type the entire string. This will be helpful because users won't have to remember correct spellings and they can choose from the available options that are displayed.
  • Add a custom image to the New Tab Page (NTP) using a group policy. Beginning with Microsoft Edge version 86 the NTP has an option to replace the default image with a custom user-supplied image. The ability to manage the properties of this image is also supported by the group policy.
  • Match customized keyboard shortcuts to VS Code. Microsoft Edge DevTools now supports customizing keyboard shortcuts in the DevTools to match with your editor/IDE. (In Microsoft Edge 84, we added the ability to match DevTools keyboard shortcuts to VS Code).
  • Delete downloads from disk using download manager. Users are now able to delete their downloaded files from their disk without leaving the browser. The new Delete downloads functionality exists within the context menu of downloads shelf or the downloads page
(Edited my post because all documentation is now available)
 
Last edited:

security123

Level 26
Verified

Security baseline for Microsoft Edge version 86


We have reviewed the new settings in Microsoft Edge version 86 and determined that there are no additional security settings that require enforcement. The settings from the Microsoft Edge version 85 package continue to be our recommended baseline. That baseline package can be downloaded from the Microsoft Security Compliance Toolkit.



Microsoft Edge version 86 introduced 32 new computer settings and 28 new user settings. We have attached a spreadsheet listing the new settings to make it easier for you to find them.



As a friendly reminder, all available settings for Microsoft Edge are documented here, and all available settings for Microsoft Edge Update are documented here.



Please continue to give us feedback through the Security Baselines Discussion site or this post.
 

Gandalf_The_Grey

Level 36
Verified
Trusted
Content Creator
 

razorfancy

Level 2
Verified
My Edge Chromium just updated to build 86.0.622.43

 
Top