🟠 High  |  Source: Microsoft Security Response Center


A use-after-free vulnerability (CVE-2026-15899) has been identified in the CameraCapture component of Chromium, the open-source browser engine underpinning Microsoft Edge. Use-after-free flaws occur when a programme continues to reference memory after it has been freed, potentially allowing an attacker to execute arbitrary code. Microsoft Edge inherits this vulnerability from Chromium and is addressed via Google’s upstream patch.

Security Architect’s Take: Ensure Microsoft Edge is updated to the latest version across all managed endpoints and virtual machines, including Azure Virtual Desktop environments. Prioritise patching for any user-facing workloads where Edge is deployed, and consider enforcing browser version compliance via Intune or Group Policy to reduce exposure windows.

Original advisory: Chromium: CVE-2026-15899 Use after free in CameraCapture