🟠 High  |  Source: Microsoft Security Response Center


A use-after-free vulnerability (CVE-2026-15902) has been identified in the Cast component of Chromium, the open-source browser engine underpinning Microsoft Edge. Use-after-free flaws occur when a programme continues to reference memory after it has been freed, potentially allowing an attacker to execute arbitrary code. Microsoft Edge receives this fix via its Chromium ingestion pipeline, meaning users of Edge-based browser sessions — including those accessing Azure and Microsoft 365 services — should update promptly.

Security Architect’s Take: Ensure Microsoft Edge is updated to the latest Chromium-based release across all managed endpoints, particularly those used to access cloud management consoles and sensitive corporate resources. Consider enforcing browser version compliance via Intune or Group Policy to reduce exposure windows for browser-based memory corruption vulnerabilities.

Original advisory: Chromium: CVE-2026-15902 Use after free in Cast