🔴 Critical  |  Source: Microsoft Security Response Center


A use-after-free memory vulnerability in Microsoft Edge (Chromium-based) allows a remote, unauthenticated attacker to execute arbitrary code on a victim’s machine over a network. Use-after-free bugs occur when a program continues to reference memory after it has been freed, which attackers can exploit to hijack execution flow. This is particularly dangerous in a browser context, where visiting a malicious web page or clicking a crafted link could be sufficient to trigger exploitation.

Security Architect’s Take: Prioritise rapid deployment of the patched Edge version across your organisation via Intune or your endpoint management tooling, paying particular attention to privileged users and those accessing cloud management portals through Edge. Consider enforcing browser update compliance policies and review whether Edge is permitted in high-trust environments such as bastion hosts or cloud admin workstations.
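
One way to measure the update compliance recommended above is an Intune Remediations detection script that reports a device as non-compliant when its installed Edge build is older than the fixed build. This is an added example, not code from Microsoft or the advisory; the minimum version is a placeholder to be replaced with the fixed build from the MSRC advisory, and only the default per-machine install paths are checked.

```powershell
# Added example: Intune Remediations detection script.
# Exit code 1 marks the device as non-compliant, exit code 0 as compliant.

# PLACEHOLDER: replace with the fixed Edge build from the MSRC advisory.
# This value is not taken from the page; 0.0.0.0 passes every parseable version.
$MinimumVersion = [version]'0.0.0.0'

# ASSUMPTION: Edge Stable is installed per-machine in a default location.
# Per-user installs under a user profile are not covered by this check.
$roots = @(${env:ProgramFiles(x86)}, $env:ProgramFiles) | Where-Object { $_ }

$installed = foreach ($root in $roots) {
    $exe = Join-Path $root 'Microsoft\Edge\Application\msedge.exe'
    if (Test-Path -LiteralPath $exe) {
        $raw = (Get-Item -LiteralPath $exe).VersionInfo.ProductVersion
        $parsed = $null
        if (-not [version]::TryParse($raw, [ref]$parsed)) {
            # Fail closed: an unreadable version is treated as older than any build.
            $parsed = [version]'0.0'
        }
        [pscustomobject]@{ Path = $exe; Version = $parsed }
    }
}

if (-not $installed) {
    Write-Output 'Edge not found in default per-machine locations; nothing to check.'
    exit 0
}

$outdated = @($installed | Where-Object { $_.Version -lt $MinimumVersion })
if ($outdated.Count -gt 0) {
    foreach ($item in $outdated) {
        Write-Output "NON-COMPLIANT: $($item.Path) is $($item.Version), need >= $MinimumVersion"
    }
    exit 1
}

Write-Output "COMPLIANT: Edge is at or above $MinimumVersion"
exit 0
```

Scoping the assignment first to device groups for privileged users and cloud admin workstations matches the prioritisation above.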

Original advisory: CVE-2026-57984 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability