Cyber Centre Daily Advisory Digest — 2026-06-12 (4 advisories)
The Canadian Centre for Cyber Security released a daily digest highlighting critical security updates for Microsoft Edge, Spring framework components, Google Chrome, and Moxa industrial computers. Notably, the Microsoft Edge update addresses CVE-2026-11645, a vulnerability with a known exploit available in the wild, necessitating urgent patching.
What Happened
The Canadian Centre for Cyber Security issued alerts about security updates for several widely used software products, including Microsoft Edge, Google Chrome, Spring, and Moxa industrial computers. Users of Microsoft Edge are particularly affected, as one of the flaws (CVE-2026-11645) is already being exploited by attackers. These vulnerabilities could allow attackers to compromise affected systems if left unpatched. Organizations and individuals should apply the latest updates provided by the respective vendors immediately to secure their devices.
Key Takeaways
- Microsoft Edge requires an immediate update to address CVE-2026-11645, which has an available exploit in the wild.
- Google Chrome released security updates for its Stable Channel across Windows, Mac, and Linux platforms.
- Spring published security advisories for multiple products, including Cloud Sleuth, Cloud Gateway, and GraphQL.
- Moxa addressed vulnerabilities in several industrial computer series, including a missing cryptographic step vulnerability (CVE-2026-9266).
Affected Systems
- Microsoft Edge Stable Channel (prior to 149.0.4022.62)
- Google Chrome Desktop Stable Channel (prior to 149.0.7827.114/115)
- Spring Cloud Sleuth (3.1.0 to 3.1.13)
- Spring Statemachine
- Spring Cloud Gateway
- Spring Integration
- Spring for GraphQL
- Moxa UC-1200A / UC-2200A / UC-3400A / UC-4400A / UC-8200 series
- Moxa V1200 / V3200 / V3400 / V2406C WL series
Vulnerabilities (CVEs)
- CVE-2026-11645
- CVE-2026-9266
Attack Chain
The digest summarizes security advisories and does not describe a specific attack chain. It does note that an exploit is available for CVE-2026-11645 in Microsoft Edge. Exploitation of a browser vulnerability typically involves an attacker tricking a user into visiting a maliciously crafted webpage to trigger code execution or browser compromise.
Detection Availability
- YARA Rules: No
- Sigma Rules: No
- Snort/Suricata Rules: No
- KQL Queries: No
- Splunk SPL Queries: No
- EQL Queries: No
- Other Detection Logic: No
No specific detection rules or queries are provided in the advisory digest.
Detection Engineering Assessment
- EDR Visibility: Low. The advisory only lists vulnerabilities and patches without providing specific behavioral indicators or exploit payloads for EDR to detect.
- Network Visibility: Low. No network indicators or specific exploit traffic patterns are provided in the digest.
- Detection Difficulty: Hard. Without specific exploit details or IOCs, detection relies entirely on vulnerability scanning and patch management rather than active threat hunting.
Required Log Sources
- Vulnerability Management System
- Asset Inventory
Hunting Hypotheses
| Hypothesis | Telemetry | ATT&CK Stage | FP Risk |
|---|---|---|---|
| Consider hunting for unexpected child processes spawning from Microsoft Edge or Google Chrome, which may indicate successful exploitation of browser vulnerabilities like CVE-2026-11645. | Process Creation (Event ID 4688, Sysmon Event ID 1) | Execution | Medium |
Control Gaps
- Lack of timely patch deployment for browsers and industrial control systems
Key Behavioral Indicators
- Unexpected browser crashes followed by unusual child processes
False Positive Assessment
- Low
Recommendations
Immediate Mitigation
- Verify against your organization's incident response runbook and team escalation paths before acting.
- Deploy the latest updates for Microsoft Edge (149.0.4022.62 or later) immediately due to the known exploit for CVE-2026-11645.
- Update Google Chrome to version 149.0.7827.114/115 or later across all supported desktop platforms.
- Apply vendor-supplied patches for affected Spring framework components and Moxa industrial computers.
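Because the digest points to asset inventory and vulnerability management as the only usable telemetry, the following added example (not part of the advisory or any vendor tooling) checks inventory rows against the version thresholds listed above. The row layout, product names and hostnames are assumptions, and 149.0.7827.114 is used as the Chrome minimum because the digest does not say which platform receives .114 and which .115.

```python
# Added example: flag inventory rows that fall below the builds named in this digest.

def parse(v: str) -> tuple[int, ...]:
    """Turn '149.0.4022.62' into (149, 0, 4022, 62) so comparison is numeric, not lexical."""
    return tuple(int(p) for p in v.strip().split("."))

# Minimum fixed builds from the digest. Chrome is listed as .114/.115 with no
# platform split, so .114 is used as the threshold here (assumption).
FIXED_AT = {
    "microsoft edge": parse("149.0.4022.62"),
    "google chrome": parse("149.0.7827.114"),
}
# Affected range given as inclusive bounds; the digest names no fixed version.
AFFECTED_RANGE = {
    "spring cloud sleuth": (parse("3.1.0"), parse("3.1.13")),
}

def audit(rows):
    """Return (host, product, version, reason) for every row that needs attention."""
    findings = []
    for host, product, version in rows:
        key = product.lower()
        try:
            v = parse(version)
        except ValueError:
            # Do not silently pass a version string the scanner could not normalise.
            findings.append((host, product, version, "unparseable version, check manually"))
            continue
        if key in FIXED_AT and v < FIXED_AT[key]:
            findings.append((host, product, version, "below fixed build"))
        elif key in AFFECTED_RANGE:
            lo, hi = AFFECTED_RANGE[key]
            if lo <= v <= hi:
                findings.append((host, product, version, "inside affected range"))
    return findings

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("ws-001", "Microsoft Edge", "149.0.4022.9"),   # string compare would rank .9 above .62
    ("ws-002", "Microsoft Edge", "149.0.4022.62"),
    ("ws-003", "Google Chrome", "148.0.7800.200"),
    ("app-01", "Spring Cloud Sleuth", "3.1.13"),
    ("app-02", "Spring Cloud Sleuth", "3.1.14"),
    ("ws-004", "Google Chrome", "149.0.7827.x"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```

The other Spring products and the Moxa series are left out because the digest gives no version bounds for them.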
Infrastructure Hardening
- Ensure automated patching is enabled for web browsers across the enterprise.
- Review and update software bill of materials (SBOM) to identify applications utilizing vulnerable Spring components.
- Evaluate whether Moxa industrial control systems are isolated from the public internet and properly segmented within the OT network.
User Protection
- Instruct users to restart their browsers to ensure pending updates are fully applied.
Security Awareness
- Remind users of the importance of allowing browser updates to install promptly.
MITRE ATT&CK Mapping
- T1203 - Exploitation for Client Execution