🟡 Medium  |  Source: Microsoft Security Response Center


A race condition vulnerability in Microsoft Edge (Chromium-based) allows a locally authenticated attacker to access information they should not be able to see. The flaw arises from improper synchronisation when multiple processes share a resource concurrently. While exploitation requires local access, it could expose sensitive data in enterprise environments where Edge is widely deployed.

Security Architect’s Take: Prioritise deploying the patched version of Microsoft Edge across your estate, particularly on privileged workstations and developer machines where sensitive cloud credentials or tokens may be present in the browser. Verify that your endpoint management tooling (e.g. Intune or SCCM) is enforcing automatic browser updates.

Original advisory: CVE-2026-55945 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability