🔴 Critical  |  Source: Microsoft Security Response Center


A type confusion vulnerability in Microsoft Edge (Chromium-based) allows an unauthenticated attacker to execute arbitrary code remotely by exploiting how the browser handles certain resource types. This class of bug is considered high-risk because it can be triggered without user authentication and may require only minimal interaction, such as visiting a malicious webpage. Organisations relying on Edge for cloud console access or web-based tooling face elevated exposure.

Security Architect’s Take: Prioritise enforcing Edge browser updates across your estate via Intune or Group Policy immediately, paying particular attention to virtual machines, AVD environments, and developer workstations used to access cloud management portals where exploitation could pivot into privileged cloud sessions.

Original advisory: CVE-2026-57975 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability