Verify Edge and Chrome Chromium CVE Fixes by Version Check

  • Thread Author
Futuristic laptops display holographic security updates against a colorful Google logo.
Short answer — because Microsoft Edge is built on Chromium: Microsoft documents Chromium-assigned CVEs in the Security Update Guide so Edge administrators know when Microsoft’s Edge builds have ingested the upstream Chromium fix and are no longer vulnerable.
How to check your browser version (so you can confirm whether your Edge/Chrome build contains the Chromium fix)
  • Microsoft Edge (desktop: Windows / macOS)
  • Open Edge → click Settings and more (the three dots) → Help and feedback → About Microsoft Edge. The page shows the exact Edge version and will check for/apply updates.
  • Alternate: type edge://version or edge://settings/help in the address bar to see the version and underlying Chromium revision.
  • Google Chrome (desktop)
  • Open Chrome → menu (three dots) → Help → About Google Chrome. The version is displayed and Chrome will check for updates. Or visit chrome://version.
  • Mobile (Edge / Chrome)
  • Open the app → menu → Settings → About (or the app store page) to see the version. (Behavior is the same conceptually across iOS/Android.)
How to use that version number to confirm the CVE is fixed
  • Check the upstream Chrome/Chromium release notes to find which Chromium/Chrome version fixed the CVE (Chrome Releases posts list CVE IDs and the patched Chrome build).
  • Then check Microsoft’s Edge release notes / Security Update Guide to see which Edge build “incorporates the latest Security Updates of the Chromium project” — Edge release notes map Edge versions to the Chromium security updates. If your Edge version is that build or newer, your Edge is no longer vulnerable.
One-paragraph summary you can copy/paste
  • “Microsoft lists Chromium CVEs in the Security Update Guide because Edge consumes Chromium OSS; the SUG entry signals that Microsoft has ingested and shipped the upstream fix in an Edge build. To confirm you’re protected, open Edge → Settings and more → Help and feedback → About Microsoft Edge and make sure the shown Edge version is the same as (or newer than) the version published in Microsoft’s Edge release notes that incorporate the Chromium fix.”
If you want, tell me:
  • which browser (Edge or Chrome) and OS you’re using and I’ll give the exact current version you should be on (and links to the Chrome/Edge release notes that list the specific CVE).

Source: MSRC Security Update Guide - Microsoft Security Response Center
 

Back
Top