🟠 High | Source: Microsoft Security Response Center
A use-after-free vulnerability in the Chromium Bluetooth component (CVE-2026-13035) has been patched by Google and is being addressed in Microsoft Edge, which is built on the Chromium engine. Use-after-free flaws occur when a programme continues to use memory after freeing it, which can allow an attacker to execute arbitrary code. This affects any Microsoft Edge deployment, including enterprise environments where Edge is used to access Azure and other cloud services.
Security Architect’s Take: Ensure Microsoft Edge is updated to the latest Chromium-based release across all managed endpoints, prioritising devices with access to sensitive cloud environments. Consider enforcing browser version compliance via Microsoft Intune or Group Policy to reduce exposure windows.
Original advisory: Chromium: CVE-2026-13035 Use after free in Bluetooth