CVE-2026-58299 edge chromium vulnerability
Time-of-check time-of-use (toctou) race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network.
Quick answer
microsoft edge chromium should be reviewed and updated if it matches the affected versions. The recommended fix is to apply the vendor-supported patched version or the mitigation steps below, then retest the public website with Fixnx.
Who is affected
Affected versions
- -
Fixed versions
- Apply the latest vendor-supported patched version.
How to fix it
CVE-2026-58299 affects Microsoft Edge for Android. Update Edge to 150.0.4078.48 and prioritize managed devices, kiosk profiles, mobile fleets, and users who open untrusted web content. Affected ranges in the local record are 1.0.0.0 through before 150.0.4078.48.
- Inventory managed desktops, servers, VDI images, Android devices, kiosk devices, and browser channels running Microsoft Edge Chromium.
- Compare installed Edge versions with the affected range for CVE-2026-58299; treat versions before 150.0.4078.48 as needing update where applicable.
- Update Microsoft Edge to 150.0.4078.48 or later through Microsoft update, MDM, Intune, enterprise browser management, or the platform app store.
- Force browser restart or device reboot where needed so the patched browser process replaces old running processes.
- Restrict high-risk browsing during rollout by limiting untrusted sites, disabling unnecessary extensions, and enforcing Safe Browsing and site isolation policies where available.
- Review EDR, browser, proxy, and mobile threat logs for suspicious renderer crashes, spoofing attempts, path traversal indicators, or unexpected downloads tied to CVE-2026-58299.
- Deploy the update to pilot groups first, then complete fleet rollout and monitor update compliance until all devices report the fixed version.
Scan now. Google sign-in is only needed to unlock fix guidance.
Verify the fix
- Confirm Microsoft Edge reports 150.0.4078.48 or later on every managed device and browser channel in scope.
- Verify MDM or endpoint inventory no longer shows affected Edge versions before 150.0.4078.48.
- Check browser crash, EDR, proxy, and mobile security logs after rollout for continued exploitation indicators or update failures.
- Open the generated Fixnx page and confirm the canonical URL ends with edge-chromium-cve-2026-58299.
- Re-run sitemap validation and confirm edge-chromium-cve-2026-58299 appears once in sitemap.xml with the full CVE-2026-58299 suffix.
Related categories
Trusted references
FAQ
What is affected by CVE-2026-58299?
microsoft edge chromium versions listed as affected should be reviewed: -.
What should I fix first?
Start with internet-facing sites, admin panels, login flows, plugins, themes, modules, packages, and systems that process user-controlled input or sensitive data.
How do I confirm the fix worked?
Apply the patched version or mitigation, clear caches where relevant, retest the affected workflow, and run a new Fixnx scan to verify public website exposure signals.
How are Fixnx security risk categories chosen?
Fixnx keeps one canonical risk page and assigns only broad, relevant categories such as ecosystem, technology area, or vulnerability class.
