
PEACH
Un cadre d’isolation des locataires
CVE-2026-58281 is a deserialization of untrusted data vulnerability in Microsoft Edge (Chromium-based) that allows an unauthorized remote attacker to execute arbitrary code over a network. It affects all versions of Microsoft Edge (Chromium-based) prior to 150.0.4078.48 (Microsoft MSRC). The vulnerability was disclosed on July 11, 2026, with a patch released the same day (GitHub Advisory). It carries a CVSS v3.1 base score of 8.3 (High) (Microsoft MSRC).
The vulnerability is rooted in improper deserialization of untrusted data (CWE-502) within Microsoft Edge (Chromium-based), mapped to CAPEC-586 (Object Injection). An attacker can exploit this by delivering a maliciously crafted payload over the network that, when deserialized by the browser, triggers arbitrary code execution. Exploitation requires user interaction (e.g., visiting a malicious page or opening a crafted file) and has high attack complexity, but requires no privileges and results in a scope change — meaning the impact can extend beyond the browser's security boundary (Microsoft MSRC, GitHub Advisory).
Successful exploitation results in remote code execution with high impacts to confidentiality, integrity, and availability. Because the vulnerability involves a scope change, the attacker's code may execute outside the browser's sandboxed environment, potentially affecting the underlying operating system or other components. This could enable data theft, installation of malware, lateral movement within a network, or full system compromise (Microsoft MSRC, GitHub Advisory).
msedge.exe) to unknown or suspicious IP addresses or domains; unexpected network traffic originating from browser child processes.msedge.exe or its renderer/GPU processes (e.g., cmd.exe, powershell.exe, wscript.exe); unusual process injection activity involving Edge processes.%APPDATA%, %TEMP%, or %LOCALAPPDATA%.msedge.exe as the parent process; application crash logs or unexpected Edge component errors related to deserialization.Microsoft has released a patched version of Microsoft Edge (Chromium-based): 150.0.4078.48. Users and administrators should update Microsoft Edge to this version or later immediately via the browser's built-in update mechanism or enterprise deployment tools (Microsoft MSRC). No specific configuration-based workarounds have been published; upgrading to the patched version is the recommended and primary remediation. Organizations using enterprise management tools (e.g., Microsoft Intune, WSUS) should prioritize deploying the update across managed endpoints.
The vulnerability received standard automated coverage from vulnerability tracking platforms including VulnDB, Vulners, and CIRCL shortly after disclosure on July 11, 2026 (VulnDB). Social media activity was observed on Mastodon and Bluesky from security-focused accounts, consistent with routine patch Tuesday-style disclosure coverage. No notable independent researcher commentary or significant media coverage beyond automated aggregation has been identified at this time.
Source: Ce rapport a été généré à l’aide de l’IA
Évaluation gratuite des vulnérabilités
Évaluez vos pratiques de sécurité cloud dans 9 domaines de sécurité pour évaluer votre niveau de risque et identifier les failles dans vos défenses.
Obtenez une démo personnalisée
"La meilleure expérience utilisateur que j’ai jamais vue, offre une visibilité totale sur les workloads cloud."
"Wiz fournit une interface unique pour voir ce qui se passe dans nos environnements cloud."
"Nous savons que si Wiz identifie quelque chose comme critique, c’est qu’il l’est réellement."