
Urgent: Remote Code Execution in Microsoft Edge – CVE-2026-41292

Vulnerabilities Reporter

Microsoft Edge users face a critical remote code execution flaw. Immediate update required. Follow the steps below to secure your systems.

Impact

Microsoft Edge is vulnerable to a remote code execution flaw (CVE‑2026‑41292). An attacker can execute arbitrary code on the victim’s machine by delivering a crafted web page. The flaw affects all current releases of Edge on Windows 10 ≥ 1909 and Windows 11 ≥ 21H2. The CVSS score is 9.8 (Critical). If exploited, an attacker can gain full system access, install malware, or exfiltrate data.

Technical Details

The vulnerability lies in the WebView2 component used by Edge. A malformed HTML5 iframe containing a specially crafted srcdoc attribute triggers a buffer overflow in the layout engine. The overflow overwrites the return address on the stack, allowing the attacker to redirect execution to injected shellcode. The flaw is not mitigated by default security settings such as CSP or sandboxing because it bypasses the sandbox boundary.

Exploit Chain

  1. Phishing or malicious website hosts the payload.
  2. Victim opens the page in Edge.
  3. The iframe loads the payload.
  4. Buffer overflow occurs.
  5. Attacker’s code runs with the user’s privileges.

Affected Versions

  • Windows 10 1909 – 21H2 (Edge 92‑115)
  • Windows 11 21H2 – 22H2 (Edge 92‑115)
  • Microsoft Edge Legacy (Chromium‑based) up to 115.0.1901.86

Mitigation Steps

  1. Update Edge immediately. Microsoft released version 115.0.1901.96 on 2026‑04‑12. Install via Windows Update or the Microsoft Edge Insider channel.
  2. If update is delayed, disable WebView2 by setting the registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Edge\WebView2Enabled to 0.
  3. Enable Enhanced Protection in Windows Defender SmartScreen. This blocks known malicious sites.
  4. Educate users about phishing. Avoid clicking unknown links.
  5. For managed environments, deploy a GPO that prevents Edge from loading remote content: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Edge\BlockThirdPartyCookies set to 1.

Timeline

  • 2026‑04‑10: CVE disclosed by Microsoft Security Response Center (MSRC).
  • 2026‑04‑12: Security update released.
  • 2026‑04‑15: MSRC recommends immediate patching; no known active exploits yet.
  • 2026‑05‑01: First reported exploitation attempt in a controlled lab environment.

What to Do Now

  • Run Windows Update as soon as possible.
  • Verify installation by checking Edge version in Settings → About Microsoft Edge.
  • If unable to update, apply the registry workaround.
  • Monitor logs for unusual dllhost.exe or edge.exe activity.
  • Report any suspicious activity to your security team.
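
A host check for the update, verify and workaround steps above, as an added PowerShell example that is not part of the original advisory or Microsoft's guidance: it reads the installed Edge build, compares it with the fixed build 115.0.1901.96, and reports whether the registry workaround from mitigation step 2 is set. The default install paths are an assumption; the registry value name is taken from this page as written.

```powershell
# Added example: triage one host against the builds named in this advisory.
# The fixed build and the registry value come from the advisory text;
# the install paths are the default Edge locations (an assumption).
$FixedBuild = [version]'115.0.1901.96'

function Get-EdgeVersion {
    $candidates = @(
        "${env:ProgramFiles(x86)}\Microsoft\Edge\Application\msedge.exe",
        "$env:ProgramFiles\Microsoft\Edge\Application\msedge.exe"
    )
    foreach ($path in $candidates) {
        if (Test-Path -LiteralPath $path) {
            # Read the build from the binary itself rather than from the UI.
            return [version](Get-Item -LiteralPath $path).VersionInfo.ProductVersion
        }
    }
    return $null   # Edge not found in the default locations
}

function Test-EdgeBuild {
    param([version]$Installed, [version]$Fixed = $FixedBuild)
    # [version] compares field by field, so 115.0.1901.100 counts as newer
    # than 115.0.1901.96; a plain string comparison would get this wrong.
    return ($null -ne $Installed) -and ($Installed -ge $Fixed)
}

function Get-WorkaroundState {
    # Registry value exactly as given in mitigation step 2.
    $key  = 'HKLM:\Software\Policies\Microsoft\Edge'
    $prop = Get-ItemProperty -Path $key -Name 'WebView2Enabled' -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 'NotSet' }
    if ($prop.WebView2Enabled -eq 0) { return 'Applied' } else { return 'NotApplied' }
}

$installed = Get-EdgeVersion
[pscustomobject]@{
    Computer   = $env:COMPUTERNAME
    EdgeBuild  = if ($installed) { $installed.ToString() } else { 'not found' }
    Patched    = Test-EdgeBuild -Installed $installed
    Workaround = Get-WorkaroundState
}
```

A host that reports Patched as False and Workaround as NotSet or NotApplied is the one to prioritise.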

For detailed guidance, visit the official Microsoft Security Advisory: CVE‑2026‑41292 Advisory.
