CVE-2026-58281
Análisis y mitigación de vulnerabilidades

Vista general

CVE-2026-58281 is a deserialization of untrusted data vulnerability in Microsoft Edge (Chromium-based) that allows an unauthorized remote attacker to execute arbitrary code over a network. It affects all versions of Microsoft Edge (Chromium-based) prior to 150.0.4078.48 (Microsoft MSRC). The vulnerability was disclosed on July 11, 2026, with a patch released the same day (GitHub Advisory). It carries a CVSS v3.1 base score of 8.3 (High) (Microsoft MSRC).

Técnicas

The vulnerability is rooted in improper deserialization of untrusted data (CWE-502) within Microsoft Edge (Chromium-based), mapped to CAPEC-586 (Object Injection). An attacker can exploit this by delivering a maliciously crafted payload over the network that, when deserialized by the browser, triggers arbitrary code execution. Exploitation requires user interaction (e.g., visiting a malicious page or opening a crafted file) and has high attack complexity, but requires no privileges and results in a scope change — meaning the impact can extend beyond the browser's security boundary (Microsoft MSRC, GitHub Advisory).

Impacto

Successful exploitation results in remote code execution with high impacts to confidentiality, integrity, and availability. Because the vulnerability involves a scope change, the attacker's code may execute outside the browser's sandboxed environment, potentially affecting the underlying operating system or other components. This could enable data theft, installation of malware, lateral movement within a network, or full system compromise (Microsoft MSRC, GitHub Advisory).

Pasos de explotación

  1. Reconnaissance: Identify targets running Microsoft Edge (Chromium-based) versions prior to 150.0.4078.48 using passive reconnaissance or social engineering.
  2. Craft malicious payload: Construct a serialized data payload that, when deserialized by the vulnerable Edge component, triggers arbitrary code execution — leveraging object injection techniques (CAPEC-586).
  3. Deliver payload: Host the malicious payload on an attacker-controlled web server or embed it in a document/link distributed via phishing or drive-by download.
  4. Induce user interaction: Lure the target user into visiting the malicious URL or opening the crafted content in Microsoft Edge (e.g., via a phishing email or malicious advertisement).
  5. Trigger deserialization: Edge processes the untrusted serialized data, triggering the deserialization vulnerability and executing the attacker's code, potentially outside the browser sandbox due to the scope change (Microsoft MSRC, GitHub Advisory).

Indicadores de compromiso

  • Network: Unusual outbound connections from the Microsoft Edge process (msedge.exe) to unknown or suspicious IP addresses or domains; unexpected network traffic originating from browser child processes.
  • Process: Unexpected child processes spawned by msedge.exe or its renderer/GPU processes (e.g., cmd.exe, powershell.exe, wscript.exe); unusual process injection activity involving Edge processes.
  • File System: Unexpected files written to user profile directories or temp folders by Edge processes; newly created executables or scripts in %APPDATA%, %TEMP%, or %LOCALAPPDATA%.
  • Logs: Windows Event Logs showing unusual process creation events with msedge.exe as the parent process; application crash logs or unexpected Edge component errors related to deserialization.

Mitigación y soluciones alternativas

Microsoft has released a patched version of Microsoft Edge (Chromium-based): 150.0.4078.48. Users and administrators should update Microsoft Edge to this version or later immediately via the browser's built-in update mechanism or enterprise deployment tools (Microsoft MSRC). No specific configuration-based workarounds have been published; upgrading to the patched version is the recommended and primary remediation. Organizations using enterprise management tools (e.g., Microsoft Intune, WSUS) should prioritize deploying the update across managed endpoints.

Reacciones de la comunidad

The vulnerability received standard automated coverage from vulnerability tracking platforms including VulnDB, Vulners, and CIRCL shortly after disclosure on July 11, 2026 (VulnDB). Social media activity was observed on Mastodon and Bluesky from security-focused accounts, consistent with routine patch Tuesday-style disclosure coverage. No notable independent researcher commentary or significant media coverage beyond automated aggregation has been identified at this time.

Recursos adicionales


FuenteEste informe se generó utilizando IA

Evaluación gratuita de vulnerabilidades

Compare su postura de seguridad en la nube

Evalúe sus prácticas de seguridad en la nube en 9 dominios de seguridad para comparar su nivel de riesgo e identificar brechas en sus defensas.

Solicitar evaluación

Recursos adicionales de Wiz

Obtén una demostración personalizada

¿Listo para ver a Wiz en acción?

"La mejor experiencia de usuario que he visto en mi vida, proporciona una visibilidad completa de las cargas de trabajo en la nube."
David EstlickCISO
"Wiz proporciona un panel único para ver lo que ocurre en nuestros entornos en la nube."
Adam FletcherJefe de Seguridad
"Sabemos que si Wiz identifica algo como crítico, en realidad lo es."
Greg PoniatowskiJefe de Gestión de Amenazas y Vulnerabilidades