🟠 High | Source: Microsoft Security Response Center
A use-after-free vulnerability in the Blink rendering engine (CVE-2026-13036) has been patched by Google Chrome and inherited by Microsoft Edge, which is built on the Chromium codebase. Use-after-free flaws occur when a programme continues to reference memory after it has been freed, potentially allowing an attacker to execute arbitrary code. This affects any environment where Microsoft Edge is deployed, including on Azure virtual machines and end-user workstations accessing cloud resources.
Security Architect’s Take: Ensure Microsoft Edge is updated to the latest Chromium-based release across all managed endpoints and Azure Virtual Desktop environments; prioritise any internet-facing or privileged workstations where browser exploitation could serve as an initial access vector into cloud environments.
Original advisory: Chromium: CVE-2026-13036 Use after free in Blink