After Google fixed 28 security vulnerabilities, the Microsoft Edge browser, which is also based on Chromium, has also followed suit with a version 108 update. In the latest version 108.0.1462.41 update, Microsoft fixed a total of 25 vulnerabilities, including the CVE-2022-4262 vulnerability that has been exploited by hackers.
Unlike previous updates, this Microsoft Edge update does not include Google services. Several vulnerabilities, including CVE-2022-4174 to CVE-2022-4195, as well as CVE-2022-4262, CVE-2022-44688 and CVE-2022-44708, will be followed up with fixes.
Microsoft Edge 108 stable release also introduces Graph APIs for Cloud Site List Management, allowing IT administrators to create, manage and publish site lists for IE Mode in the on-premises cloud.
In terms of new policies, the following two new policies have been introduced.
EncryptedClientHelloEnabled – TLS Encrypted ClientHello can be enabled
NewTabPageAppLauncherEnabled – hides the application launcher on the Microsoft Edge new tab page
ECH (Encrypted Client Hello) also uses DoH for key distribution, but the distribution process has been improved. In contrast to the ESNI server, which terminates the connection after a failed decryption, the ECH server provides the client with a public key to retry the connection in order to complete the handshake.
