🟠 High | Source: Microsoft Security Response Center
A use-after-free vulnerability (CVE-2026-13026) has been identified in the Digital Credentials component of Chromium, affecting Microsoft Edge as a Chromium-based browser. Use-after-free flaws occur when a programme continues to use memory after it has been freed, which attackers can exploit to execute arbitrary code or cause crashes. Microsoft Edge will receive the fix via its standard Chromium ingestion process.
Security Architect’s Take: Ensure Microsoft Edge is updated to the latest version across all managed endpoints and virtual desktop environments, including Azure Virtual Desktop deployments. Prioritise patching for users who handle sensitive credentials or operate in privileged roles, and verify that browser update policies enforced via Intune or Group Policy are functioning correctly.
Original advisory: Chromium: CVE-2026-13026 Use after free in Digital Credentials