CVE-2026-58281
Analyse et atténuation des vulnérabilités

Aperçu

CVE-2026-58281 is a deserialization of untrusted data vulnerability in Microsoft Edge (Chromium-based) that allows an unauthorized remote attacker to execute arbitrary code over a network. It affects all versions of Microsoft Edge (Chromium-based) prior to 150.0.4078.48 (Microsoft MSRC). The vulnerability was disclosed on July 11, 2026, with a patch released the same day (GitHub Advisory). It carries a CVSS v3.1 base score of 8.3 (High) (Microsoft MSRC).

Détails techniques

The vulnerability is rooted in improper deserialization of untrusted data (CWE-502) within Microsoft Edge (Chromium-based), mapped to CAPEC-586 (Object Injection). An attacker can exploit this by delivering a maliciously crafted payload over the network that, when deserialized by the browser, triggers arbitrary code execution. Exploitation requires user interaction (e.g., visiting a malicious page or opening a crafted file) and has high attack complexity, but requires no privileges and results in a scope change — meaning the impact can extend beyond the browser's security boundary (Microsoft MSRC, GitHub Advisory).

Impact

Successful exploitation results in remote code execution with high impacts to confidentiality, integrity, and availability. Because the vulnerability involves a scope change, the attacker's code may execute outside the browser's sandboxed environment, potentially affecting the underlying operating system or other components. This could enable data theft, installation of malware, lateral movement within a network, or full system compromise (Microsoft MSRC, GitHub Advisory).

Étapes d’exploitation

  1. Reconnaissance: Identify targets running Microsoft Edge (Chromium-based) versions prior to 150.0.4078.48 using passive reconnaissance or social engineering.
  2. Craft malicious payload: Construct a serialized data payload that, when deserialized by the vulnerable Edge component, triggers arbitrary code execution — leveraging object injection techniques (CAPEC-586).
  3. Deliver payload: Host the malicious payload on an attacker-controlled web server or embed it in a document/link distributed via phishing or drive-by download.
  4. Induce user interaction: Lure the target user into visiting the malicious URL or opening the crafted content in Microsoft Edge (e.g., via a phishing email or malicious advertisement).
  5. Trigger deserialization: Edge processes the untrusted serialized data, triggering the deserialization vulnerability and executing the attacker's code, potentially outside the browser sandbox due to the scope change (Microsoft MSRC, GitHub Advisory).

Indicateurs de compromis

  • Network: Unusual outbound connections from the Microsoft Edge process (msedge.exe) to unknown or suspicious IP addresses or domains; unexpected network traffic originating from browser child processes.
  • Process: Unexpected child processes spawned by msedge.exe or its renderer/GPU processes (e.g., cmd.exe, powershell.exe, wscript.exe); unusual process injection activity involving Edge processes.
  • File System: Unexpected files written to user profile directories or temp folders by Edge processes; newly created executables or scripts in %APPDATA%, %TEMP%, or %LOCALAPPDATA%.
  • Logs: Windows Event Logs showing unusual process creation events with msedge.exe as the parent process; application crash logs or unexpected Edge component errors related to deserialization.

Atténuation et solutions de contournement

Microsoft has released a patched version of Microsoft Edge (Chromium-based): 150.0.4078.48. Users and administrators should update Microsoft Edge to this version or later immediately via the browser's built-in update mechanism or enterprise deployment tools (Microsoft MSRC). No specific configuration-based workarounds have been published; upgrading to the patched version is the recommended and primary remediation. Organizations using enterprise management tools (e.g., Microsoft Intune, WSUS) should prioritize deploying the update across managed endpoints.

Réactions de la communauté

The vulnerability received standard automated coverage from vulnerability tracking platforms including VulnDB, Vulners, and CIRCL shortly after disclosure on July 11, 2026 (VulnDB). Social media activity was observed on Mastodon and Bluesky from security-focused accounts, consistent with routine patch Tuesday-style disclosure coverage. No notable independent researcher commentary or significant media coverage beyond automated aggregation has been identified at this time.

Ressources additionnelles


SourceCe rapport a été généré à l’aide de l’IA

Évaluation gratuite des vulnérabilités

Évaluez votre posture de sécurité dans le cloud

Évaluez vos pratiques de sécurité cloud dans 9 domaines de sécurité pour évaluer votre niveau de risque et identifier les failles dans vos défenses.

Demander une évaluation

Obtenez une démo personnalisée

Prêt(e) à voir Wiz en action ?

"La meilleure expérience utilisateur que j’ai jamais vue, offre une visibilité totale sur les workloads cloud."
David EstlickRSSI
"Wiz fournit une interface unique pour voir ce qui se passe dans nos environnements cloud."
Adam FletcherChef du service de sécurité
"Nous savons que si Wiz identifie quelque chose comme critique, c’est qu’il l’est réellement."
Greg PoniatowskiResponsable de la gestion des menaces et des vulnérabilités