Microsoft Edge Users Warned to Update After Multiple Security Flaws Flagged in Versions Below 149.0.4022.53

Microsoft Edge Users Warned to Update After Multiple Security Flaws Flagged in Versions Below 149.0.4022.53

A new security advisory warns Microsoft Edge users that multiple vulnerabilities affect every version of the browser older than build 149.0.4022.53, with flaws serious enough to allow attackers to run malicious code or gain elevated system access.

The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) issued the warning June 10, raising the safe version threshold to .53 and urging users to update immediately.

What the Flaws Allow

The advisory identifies vulnerabilities enabling remote code execution — where an attacker runs code on a victim’s machine without physical access — as well as security restriction bypass and elevation of privilege.

Among the flagged issues, CVE-2026-10883 stands out. It ties to a critical flaw in ANGLE, the graphics layer used by Chromium-based browsers, where a specially crafted webpage can trigger heap corruption in the browser’s memory.

That type of low-level flaw can, under the right conditions, give attackers a path to full code execution on the target device.

The Version Gap

As of June 10, Microsoft’s own release notes page for Edge lists build 149.0.4022.52 — published June 4 — as the current stable release.

That puts most users one build behind the threshold HKCERT now recommends, even if their browser shows “up to date” when they check manually.

Users should not rely on that prompt alone. The only way to confirm protection is to check the exact build number directly.

To do that, open the three-dot menu in Edge, go to Settings, then click About Microsoft Edge, and read the full version string at the top of the page.

What to Do Now

Users running anything below 149.0.4022.53 should return to the About Microsoft Edge page periodically over the coming days and trigger a manual update check until the .53 build appears.

Microsoft has not publicly announced a ship date for the patched build on the stable channel.

Meanwhile, Google pushed a Chrome update June 2 addressing the same underlying Chromium vulnerabilities — more than a week before HKCERT published its Edge-specific advisory.

Both Edge and Chrome run on the Chromium open-source engine, meaning flaws discovered in Chromium’s core components, such as the ANGLE graphics layer, can affect both browsers until each company ships its own patched release.

Deepak Gupta

Deepak Gupta is a technologist who loves diving into software development, cybersecurity, and new tech. He aims to make complex topics easy to understand, sharing practical insights with fellow tech enthusiasts. Read more about me at LinkedIn.

Read more:

Opera Neon Releases CLI Tool Letting AI Coding Agents Control the Browser Directly

Opera Neon Releases CLI Tool Letting AI Coding Agents Control the Browser Directly

Zen Browser Rules Out HEX Color Picker as User Base Hits 500,000

Zen Browser Rules Out HEX Color Picker as User Base Hits 500,000

Google Brings AV1 Hardware Encoding to Chrome Cast Streaming, Feature Still in Testing

Google Brings AV1 Hardware Encoding to Chrome Cast Streaming, Feature Still in Testing

Perplexity Releases Comet Browser Update for iOS, Fixing Crashes and Overhauling iPad Tab Management

Perplexity Releases Comet Browser Update for iOS, Fixing Crashes and Overhauling iPad Tab Management

Brave Browser to Add Optional Account Login With Sync Integration Still Free of Email Requirement

Brave Browser to Add Optional Account Login With Sync Integration Still Free of Email Requirement

Google Tests Floating Gemini Toolbar for Highlighted Text in Chrome Canary

Google Tests Floating Gemini Toolbar for Highlighted Text in Chrome Canary

Leave a Reply

Your email address will not be published. Required fields are marked *