Microsoft Edge Security Update Summary

Microsoft has released a security update that addresses multiple vulnerabilities in the Chromium-based Microsoft Edge. as of 2026-04-03, versions of Microsoft Edge prior to 146.0.7680.178 are affected.

Impact and Risk

• the vulnerabilities exist in the core components of the browser, including ANGLE, V8, GPU, WebGL, Dawn, Compositing, Codecs, PDF, WebCodecs, Navigation, CSS, and WebUSB.
• the types of vulnerabilities reported include memory use-after-free, heap buffer overflows, integer overflows, improper feature implementation, and policy enforcement.
• such vulnerabilities, when exploited, have the potential to cause serious security impacts, including remote code execution, object pollution, information leakage, and bypassing of privileges and policies.

Examples of major CVEs

• ANGLE-related vulnerabilities include CVE-2026-5283, CVE-2026-5277, and CVE-2026-5275.
• CVE-2026-5279 is related to V8 object corruption.
• A number of CVEs related to memory safety issues were reported, including CVE-2026-5273, CVE-2026-5274, CVE-2026-5290, and CVE-2026-5286.
• CVE-2026-5276 is related to insufficient policy enforcement in WebUSB.

Response and Advisory

• affected systems should apply the update provided by Microsoft (version 146.0.7680.178 or later).
• This can be done automatically through Windows Update, or manually by downloading the patch file from the Microsoft-provided product information page.
• failure to promptly apply browser updates continues to expose users to remote attacks through malicious web content or specially crafted files.