CERT-In Warns of Critical Microsoft Edge Vulnerabilities Allowing Remote Code Execution
CERT-In Warns of Critical Microsoft Edge Flaws

The Indian Computer Emergency Response Team (CERT-In) has issued a warning about critical vulnerabilities in Microsoft Edge that could allow remote attackers to execute arbitrary code and steal sensitive data. The flaws, if exploited, could lead to full system compromise.

Vulnerability Details

CERT-In identified multiple security flaws in Microsoft Edge that could be triggered by visiting a malicious website. These vulnerabilities enable attackers to execute arbitrary code on the victim's system, gain unauthorized access, and exfiltrate personal data. The attack method involves tricking users into granting access tokens on compromised websites, allowing threat actors to seize control of the system.

According to CERT-In, the vulnerabilities are rated as critical and affect all versions of Microsoft Edge prior to the latest patch. Users are urged to update their browsers immediately to mitigate the risk.

Wide Pickt banner — collaborative shopping lists app for Telegram, phone mockup with grocery list

Microsoft's Response

Microsoft acknowledged the issues and released a security update, version 149.0.4022.68, for Microsoft Edge. The patch addresses the vulnerabilities and prevents potential exploitation. Users are advised to install the update as soon as possible to protect their systems from remote code execution and data theft attacks.

"Microsoft has released a security update to address these vulnerabilities. Users are strongly recommended to apply the patch promptly," a CERT-In advisory stated.

Apple's Concurrent Security Update

In a related development, Apple issued iOS 26.5.2 to fix critical vulnerabilities in Kernel, WebKit, and other components. These flaws could allow attackers to cause system crashes or steal data. Apple's update is available for all compatible devices, and users are encouraged to install it to ensure device security.

The iOS update addresses multiple security issues, including memory corruption bugs in WebKit that could lead to arbitrary code execution. Apple confirmed that the vulnerabilities were actively exploited in some cases.

Impact and Recommendations

The combined vulnerabilities highlight the importance of regular software updates. CERT-In recommends users enable automatic updates for browsers and operating systems. For Microsoft Edge, the latest patched version is 149.0.4022.68. For Apple devices, iOS 26.5.2 is the latest secure version.

Organizations should also educate employees about the risks of visiting untrusted websites and granting unnecessary permissions. Regular security audits and patch management are essential to defend against such threats.

Pickt after-article banner — collaborative shopping lists app with family illustration