🟠 High | Source: Microsoft Security Response Center
A use-after-free vulnerability in the Bluetooth component of the Chromium browser engine has been assigned CVE-2026-11633. Microsoft Edge, which is built on Chromium, is affected and has ingested Google’s upstream fix. Use-after-free flaws can allow attackers to execute arbitrary code by manipulating freed memory, potentially compromising the user’s machine.
Security Architect’s Take: Ensure Microsoft Edge is updated to the latest stable release across your enterprise estate, prioritising devices with Bluetooth enabled. Consider enforcing browser version compliance via Intune or your endpoint management tooling, and review whether Edge auto-update policies are active for managed endpoints.
Original advisory: Chromium: CVE-2026-11633 Use after free in Bluetooth