Microsoft Edge Vulnerability Allows Remote Attackers to Execute Code
Microsoft Edge users should update to version 150.0.4078.48 or later after Microsoft disclosed a high-severity remote code execution vulnerability in the Chromium-based browser. The flaw is tracked as CVE-2026-57992 and stems from a use-after-free memory corruption issue, according to the NVD vulnerability record.
The vulnerability can allow an unauthorized remote attacker to execute code over a network if the victim interacts with a specially crafted webpage. Microsoft’s Security Update Guide entry classifies the bug as important and links it to Microsoft Edge Chromium-based builds before the fixed release.
Access content across the globe at the highest speed rate.
70% of our readers choose Private Internet Access
70% of our readers choose ExpressVPN
Browse the web from multiple devices with industry-standard security protocols.
Faster dedicated servers for specific actions (currently at summer discounts)
This is not a silent drive-by issue based on the available CVSS data. Exploitation requires user interaction and carries high attack complexity, which means the attacker must trick the victim into performing specific actions on the malicious page.
What CVE-2026-57992 affects
CVE-2026-57992 affects Microsoft Edge Chromium-based versions before 150.0.4078.48. The Microsoft Edge security release notes show that Microsoft released Edge Stable version 150.0.4078.48 on July 2, 2026, with the latest Chromium security updates.
The bug is classified as CWE-416, or use after free. This type of memory flaw happens when software continues using memory after it has already been freed, creating a path for crashes, memory corruption, or code execution under the right conditions.
NVD lists the CVSS 3.1 score as 7.5, which is High. The vector is network-based, requires no privileges, requires user interaction, has high attack complexity, and carries high confidentiality, integrity, and availability impact.
| Item | Details |
|---|---|
| CVE ID | CVE-2026-57992 |
| Product | Microsoft Edge Chromium-based |
| Weakness | Use after free, CWE-416 |
| Severity | High |
| CVSS score | 7.5 |
| Fixed version | 150.0.4078.48 or later |
How the attack could work
An attacker would need to host or control a malicious webpage designed to trigger the memory corruption condition in Edge. The victim would then need to visit that page and interact with it in a specific way.
The reported attack path involves deceptive or hidden page elements and two sequential tap gestures that can activate Edge’s autofill behavior. Those interaction requirements reduce the chance of fully automated exploitation, but they do not remove the risk.
Attackers could still use phishing emails, instant messages, malicious ads, fake document links, or compromised websites to push victims toward the crafted page. Once the browser reaches the vulnerable state, successful exploitation could allow code execution in the browser process.
Why use-after-free flaws matter in browsers
Use-after-free vulnerabilities remain serious in modern browsers because browsers process complex, attacker-controlled content from the web. Even a bug that requires interaction can become dangerous when combined with social engineering or another browser weakness.
The NVD analysis lists high impact across confidentiality, integrity, and availability. That means successful exploitation could support data access, data modification, or disruption within the affected process.
Browser sandboxing can limit some damage, but defenders should not treat it as a full replacement for patching. A browser exploit can still serve as an entry point for credential theft, session hijacking, payload delivery, or follow-on exploitation.
- The attacker does not need an account on the victim’s system.
- The attack can be delivered over the network through a webpage.
- The victim must interact with the page.
- The attack complexity is rated high.
- The affected software is fixed by updating Edge.
Patch status and affected versions
The important operational detail is that Microsoft has already published a fixed Edge build. The Edge release notes list Microsoft Edge Stable version 150.0.4078.48 as the July 2, 2026 release for desktop Stable channel.
The affected-version range listed in the MSRC advisory and mirrored by vulnerability databases points to versions before 150.0.4078.48. Users and administrators should confirm that Edge has updated to that version or a newer one.
Microsoft Edge normally updates automatically, but managed environments can delay browser updates through enterprise policy, update rings, or testing controls. That makes inventory and version verification important for businesses.
| Microsoft Edge channel or platform | Relevant fixed release noted by Microsoft | Action |
|---|---|---|
| Desktop Stable | 150.0.4078.48 | Update to this build or newer |
| macOS Stable | 150.0.4078.50 | Update to this build or newer |
| Android and iOS | 150.0.4078.50 | Update through the official app store |
What users should do now
Users should update Microsoft Edge and restart the browser. On desktop, Edge users can open Settings, go to About Microsoft Edge, and let the browser check for updates. The browser should show version 150.0.4078.48 or later on the Stable desktop channel.
Until the update is confirmed, users should avoid suspicious links and attachments, especially messages that push them to open unfamiliar webpages, forms, invoices, file-sharing pages, or urgent account prompts.
Users can also enable Microsoft Edge’s added browsing protections. Microsoft says Enhanced Security Mode reduces attack surface on unfamiliar sites by disabling just-in-time JavaScript compilation and enabling additional operating system protections.
- Open Microsoft Edge.
- Go to Settings and more.
- Select Settings.
- Open Privacy, search, and services.
- Scroll to Security.
- Check for the Enhance your security on the web setting.
- Use Balanced or Strict mode based on your browsing needs.
Enterprise mitigation steps
Organizations should first verify Edge versions across managed devices. The priority should be internet-facing users, executives, developers, help desk teams, and employees who frequently handle external links or documents.
Administrators can also manage Edge’s added security posture through the EnhanceSecurityMode policy. Microsoft documents Standard, Balanced, Strict, and deprecated Basic options for enterprise configuration.
For higher-risk users, Strict mode may provide stronger protection, but it can affect site compatibility. Balanced mode offers a more practical default for many environments because it applies extra protections to less familiar sites while preserving normal behavior on commonly used sites.
- Confirm that Edge Stable is on 150.0.4078.48 or newer.
- Check macOS and mobile builds separately.
- Review enterprise update policies that may delay browser patches.
- Enable Enhanced Security Mode for high-risk groups where feasible.
- Warn users about pages that ask for unusual tap or autofill interactions.
- Monitor endpoint alerts for browser crashes followed by suspicious child processes.
Autofill deserves extra attention
The reported exploitation path involves Edge’s autofill mechanism, so organizations should review how autofill is used in managed environments. Autofill is convenient, but attackers often design pages that attempt to confuse users into interacting with hidden or misleading form fields.
Admins should consider whether sensitive groups need stricter browser rules around form filling, password management, or personal data entry on unfamiliar websites. This will not replace the Edge patch, but it can reduce exposure to social engineering around form fields.
Security teams should also reinforce simple user guidance: do not enter or autofill information on pages reached through unexpected links, even if the page appears to ask for routine contact, payment, or login details.
Why this is a priority for security teams
Edge is widely used across Windows environments, and browser flaws can become useful entry points for attackers because they require little more than a convincing link. Even with high attack complexity, a well-crafted phishing campaign can create enough user interaction to matter.
Microsoft’s safer browsing guidance describes enhanced security as defense in depth for memory-related vulnerabilities. That positioning fits CVE-2026-57992 because the flaw sits in the memory corruption category.
The EnhanceSecurityMode documentation also gives administrators a direct policy path for pushing stronger browser security settings across Windows and macOS devices.
Bottom line
CVE-2026-57992 is a high-severity Microsoft Edge remote code execution vulnerability that affects Chromium-based Edge versions before 150.0.4078.48. The attack requires user interaction and high attack complexity, but the potential impact remains significant.
The right response is straightforward: update Edge, verify the installed version, restart the browser, and consider Enhanced Security Mode for users who face a higher risk of phishing or malicious links.
FAQ
CVE-2026-57992 is a high-severity use-after-free vulnerability in Microsoft Edge Chromium-based. It can allow an unauthorized remote attacker to execute code over a network if the victim interacts with a specially crafted webpage.
Microsoft Edge Chromium-based versions before 150.0.4078.48 are listed as affected. Users should update to Edge 150.0.4078.48 or a newer version.
Yes. Microsoft Edge Stable version 150.0.4078.48 is listed as the fixed desktop Stable release. Users should open Edge settings, check About Microsoft Edge, install the latest update, and restart the browser.
The published CVSS vector requires user interaction and high attack complexity. An attacker would need to lure the victim to a malicious webpage and get them to perform specific interactions that trigger the vulnerable behavior.
Organizations should verify that Edge is updated to 150.0.4078.48 or later, review update policies, warn users about suspicious links, consider Enhanced Security Mode for higher-risk groups, and monitor endpoints for suspicious browser-related activity.
Read our disclosure page to find out how can you help VPNCentral sustain the editorial team Read more
User forum
0 messages