Microsoft Edge (Chromium-based) has received fixes for multiple high-severity vulnerabilities, including remote code execution flaws CVE-2026-58289, CVE-2026-58293, CVE-2026-58285, CVE-2026-58288, CVE-2026-57974, CVE-2026-58284, CVE-2026-58287, CVE-2026-57981, and CVE-2026-56645, as well as the security feature bypass issue CVE-2026-57983. Public records attribute the issues to Microsoft and rate them from high to critical severity, with CVSS scores reaching 9.0 for CVE-2026-58289 and several others scoring in the 8.1-8.8 range.
Advisories from Microsoft and HKCERT indicate the flaws affect Microsoft Edge and require prompt patching through the browser's latest security updates. While some metadata inconsistently marks the bugs as not remotely exploitable, the listed attack characteristics for several entries include low attack complexity, no privileges required, and in many cases user interaction, making browser update compliance and rapid deployment a priority for enterprise defenders.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
3 events from the most recent confirmed update back to the earliest known activity.
On 2026-07-06, HKCERT published a security bulletin titled "Microsoft Edge Multiple Vulnerabilities." The reference indicates a coordinated advisory covering multiple Edge flaws.
On 2026-07-03, multiple Microsoft Edge (Chromium-based) vulnerabilities were published, including remote code execution flaws CVE-2026-58293, CVE-2026-58289, CVE-2026-58285, CVE-2026-58288, CVE-2026-57974, CVE-2026-58284, CVE-2026-58287, CVE-2026-57981, and CVE-2026-56645, as well as security feature bypass flaw CVE-2026-57983. The entries attribute the source to Microsoft and list publication and last-modified dates of July 3, 2026.
On 2026-07-02, Microsoft published a security update for Microsoft Edge Stable Channel addressing vulnerabilities in versions prior to 150.0.4078.48. The Canadian Centre for Cyber Security later advised users and administrators to review Microsoft's release notes and apply the update.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
50 references tracked. Mallory keeps watching after this page renders.
cyber.gc.ca
Open sourcehkcert.org
Open sourcethreataft.com
Open sourcecvefeed.io
Open sourcemsrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.