🟠 High | Source: Microsoft Security Response Center
A use-after-free memory vulnerability in Microsoft Edge (Chromium-based) allows a remote, unauthenticated attacker to execute arbitrary code on a victim’s machine over a network. Use-after-free flaws occur when a programme continues to use memory after it has been freed; attackers can manipulate that freed memory to gain code execution. This is particularly concerning as exploitation requires no prior authentication and can be triggered remotely.
Security Architect’s Take: Ensure Edge is updated to the patched version immediately across all managed endpoints, prioritising internet-facing workstations and those used to access cloud management consoles such as the Azure Portal, as a compromised browser session could expose credentials or tokens with elevated cloud permissions.
Original advisory: CVE-2026-58287 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability