Bluetooth

🟠 High | Source: Microsoft Security Response Center A use-after-free vulnerability in the Bluetooth component of the Chromium engine (CVE-2026-11641) has been patched by Google and is being ingested into Microsoft Edge. Use-after-free flaws occur when a programme continues to use memory after freeing it, potentially allowing an attacker to execute arbitrary code. Although assigned under the Azure/Microsoft advisory, the root cause lies in Chromium and affects any Chromium-based browser, including Edge. ...

🟠 High | Source: Microsoft Security Response Center A use-after-free vulnerability in the Chromium Bluetooth component has been assigned CVE-2026-11635 by the Chrome team. Microsoft Edge, being Chromium-based, is affected and has ingested the upstream fix from Google. Use-after-free flaws can allow attackers to execute arbitrary code by manipulating freed memory, making this a serious concern for end-user and enterprise browser security. Security Architect’s Take: Ensure Microsoft Edge is updated to the latest stable release that includes the patched Chromium build, and verify that your organisation’s browser update policies enforce automatic updates. If Edge is deployed on Azure Virtual Desktop or corporate endpoints, prioritise rollout through Intune or your endpoint management tooling immediately. ...

🟠 High | Source: Microsoft Security Response Center A use-after-free vulnerability in the Bluetooth component of the Chromium browser engine has been assigned CVE-2026-11633. Microsoft Edge, which is built on Chromium, is affected and has ingested Google’s upstream fix. Use-after-free flaws can allow attackers to execute arbitrary code by manipulating freed memory, potentially compromising the user’s machine. Security Architect’s Take: Ensure Microsoft Edge is updated to the latest stable release across your enterprise estate, prioritising devices with Bluetooth enabled. Consider enforcing browser version compliance via Intune or your endpoint management tooling, and review whether Edge auto-update policies are active for managed endpoints. ...