CVE-2026-57992

Microsoft · Edge (Chromium-based)

A Use-After-Free vulnerability in Microsoft Edge (Chromium-based) allows an unauthenticated attacker to perform remote code execution.

Executive summary

A critical Use-After-Free vulnerability in Microsoft Edge (Chromium-based) creates a high risk of remote code execution and requires immediate organizational attention.

Vulnerability

This vulnerability is a Use-After-Free (CWE-416) condition affecting the browser's memory management, which can be leveraged by an unauthenticated attacker. This memory corruption can facilitate the execution of arbitrary code within the context of the user running the browser.

Business impact

Exploitation of this vulnerability threatens the integrity and confidentiality of user systems, potentially allowing unauthorized access to internal resources. With a CVSS score of 7.5, the risk is classified as high, indicating that timely remediation is essential to prevent potential data breaches or system hijacking.

Remediation

Immediate Action: Apply the vendor-provided security update to version 150.0.4078.48 or later across all managed environments.

Proactive Monitoring: Monitor for anomalous browser behavior and ensure that security patches are deployed as part of a regular, accelerated patch management cycle.

Compensating Controls: Implement robust endpoint protection software and restrict browser extensions to those explicitly approved by the organization to reduce the attack surface.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Vulnerabilities involving memory management in web browsers are high-priority targets. It is imperative that administrators update all instances of Microsoft Edge to the latest version immediately to mitigate the risk of remote code execution and maintain system security.