A use-after-free vulnerability in Chromium’s Autofill component has been assigned CVE-2026-11636 by Google. Microsoft Edge, being Chromium-based, is affected and has ingested the upstream fix from Chrome. Use-after-free flaws can allow attackers to execute arbitrary code by manipulating freed memory, making them potentially serious if exploited via a malicious webpage.

Security Architect’s Take: Ensure Microsoft Edge is updated to the latest stable release across your organisation’s endpoints and virtual desktop infrastructure, including Azure Virtual Desktop environments. Verify endpoint management policies (e.g. via Intune or group policy) are enforcing automatic browser updates without delay.

Original advisory: Chromium: CVE-2026-11636 Use after free in Autofill

A use-after-free vulnerability (CVE-2026-12015) has been identified in the Autofill component of Chromium, the open-source browser engine underpinning Microsoft Edge. Use-after-free flaws occur when a programme continues to reference memory after it has been freed, potentially allowing an attacker to execute arbitrary code. Microsoft Edge inherits this vulnerability from Chromium and is addressed via Google’s upstream patch.

Security Architect’s Take: Ensure Microsoft Edge is updated to the latest stable release across all managed endpoints and virtual desktop environments, including Azure Virtual Desktop and Windows 365 deployments. Validate that your browser update policies via Intune or Group Policy are enforcing timely Chromium-based Edge updates, particularly for privileged users accessing cloud management consoles.

Original advisory: Chromium: CVE-2026-12015 Use after free  Autofill