🟠 High | Source: Microsoft Security Response Center
A use-after-free vulnerability (CVE-2026-13029) has been identified in the Web Authentication component of Chromium, the open-source browser engine underpinning Microsoft Edge. Use-after-free flaws occur when a programme continues to reference memory after it has been freed, potentially allowing an attacker to execute arbitrary code. Because Microsoft Edge ingests Chromium directly, this vulnerability affects all Chromium-based Edge deployments until patched.
Security Architect’s Take: Ensure Microsoft Edge is updated to the latest patched version across all managed endpoints and virtual desktop environments — prioritise any deployments where Edge is used to access cloud management consoles or sensitive web applications. Confirm your endpoint management tooling (e.g. Intune or SCCM) has pushed the update and validate compliance via device health reporting.
Original advisory: Chromium: CVE-2026-13029 Use after free in Web Authentication