🟠 High  |  Source: Microsoft Security Response Center


A use-after-free vulnerability (CVE-2026-13778) has been identified in the WebUSB component of Chromium, the open-source browser engine underpinning Microsoft Edge. Use-after-free flaws occur when a programme continues to reference memory after it has been freed, which attackers can exploit to execute arbitrary code or crash the application. Microsoft Edge receives this fix via its Chromium ingestion, and users should update their browser promptly.

Security Architect’s Take: Ensure Microsoft Edge is updated to the latest version across all managed endpoints and virtual desktop environments, including Azure Virtual Desktop deployments. Consider enforcing browser version compliance via Microsoft Intune or Group Policy to reduce the window of exposure in enterprise environments.

Original advisory: Chromium: CVE-2026-13778 Use after free in WebUSB