🟠 High  |  Source: Microsoft Security Response Center


A use-after-free vulnerability (CVE-2026-15901) has been identified in the Network component of Chromium, the open-source browser engine that underpins Microsoft Edge. Use-after-free flaws occur when a programme continues to use memory after it has been freed, potentially allowing an attacker to execute arbitrary code. Microsoft Edge inherits this vulnerability through its Chromium dependency and is addressed via the upstream Google Chrome fix.

Security Architect’s Take: Ensure Microsoft Edge is updated to the latest version across all managed endpoints and virtual machines, including Azure Virtual Desktop environments. If your organisation uses browser-based access to cloud consoles or internal tooling, prioritise this patch given the remote code execution potential of use-after-free vulnerabilities in network-handling code.

Original advisory: Chromium: CVE-2026-15901 Use after free in Network