🟠 High  |  Source: Microsoft Security Response Center


A use-after-free vulnerability (CVE-2026-15904) has been identified in the Ozone graphics platform layer within Chromium. Microsoft Edge, being Chromium-based, is affected and has ingested the upstream fix from Google Chrome. Use-after-free flaws can allow attackers to execute arbitrary code by manipulating freed memory, potentially compromising the browser and the underlying system.

Security Architect’s Take: Ensure Microsoft Edge is updated to the latest stable release across all managed endpoints and virtual desktop environments, including Azure Virtual Desktop deployments. Validate that your endpoint management policy (e.g. Intune) is enforcing automatic browser updates and consider temporarily restricting untrusted web content access until patching is confirmed complete.

Original advisory: Chromium: CVE-2026-15904 Use after free in Ozone