Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network.
There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software? Yes. Customers should apply all updates offered for the software installed on their systems. According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), and integrity (I:H), and some loss of availability (A:L). What does that mean for this vulnerability? An attacker who successfully exploited this vulnerability could view sensitive information such as other user's credentials (Confidentiality) and make changes to file contents on the target server (Integrity), and they might be able to force a crash within the server (Availability). According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. How could an attacker exploit this vulnerability? An attacker could attempt to trick a user into interacting with a malicious request that appears legitimate. When the user approves the request, the attacker could cause the app to obtain an access token on the user’s behalf and send it to a location controlled by the attacker, without the user being clearly informed about what access is being granted. What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 149.0.4022.68 06/14/2026 149.0.7827.103 What is the version information for this release? Microsoft Edge Version Date Released Based on Chromium Version 149.0.4022.67 06/15/2026 149.0.7827.103
sangnt (@gnas0x0018) with Viettel Cyber Security