A use-after-free vulnerability in the Bluetooth component of the Chromium engine (CVE-2026-11641) has been patched by Google and is being ingested into Microsoft Edge. Use-after-free flaws occur when a programme continues to use memory after freeing it, potentially allowing an attacker to execute arbitrary code. Although assigned under the Azure/Microsoft advisory, the root cause lies in Chromium and affects any Chromium-based browser, including Edge.

Security Architect’s Take: Ensure Microsoft Edge deployments across your organisation are updated to the latest version as soon as the patched build is available; where Edge is used on Azure Virtual Desktop or enterprise endpoints, prioritise patch validation and consider enforcing browser version controls via Intune or Group Policy to limit exposure.

Original advisory: Chromium: CVE-2026-11641 Use after free in Bluetooth

A use-after-free vulnerability in the Chromium Bluetooth component has been assigned CVE-2026-11635 by the Chrome team. Microsoft Edge, being Chromium-based, is affected and has ingested the upstream fix from Google. Use-after-free flaws can allow attackers to execute arbitrary code by manipulating freed memory, making this a serious concern for end-user and enterprise browser security.

Security Architect’s Take: Ensure Microsoft Edge is updated to the latest stable release that includes the patched Chromium build, and verify that your organisation’s browser update policies enforce automatic updates. If Edge is deployed on Azure Virtual Desktop or corporate endpoints, prioritise rollout through Intune or your endpoint management tooling immediately.

Original advisory: Chromium: CVE-2026-11635 Use after free in Bluetooth

A use-after-free vulnerability in the Bluetooth component of the Chromium browser engine has been assigned CVE-2026-11633. Microsoft Edge, which is built on Chromium, is affected and has ingested Google’s upstream fix. Use-after-free flaws can allow attackers to execute arbitrary code by manipulating freed memory, potentially compromising the user’s machine.

Security Architect’s Take: Ensure Microsoft Edge is updated to the latest stable release across your enterprise estate, prioritising devices with Bluetooth enabled. Consider enforcing browser version compliance via Intune or your endpoint management tooling, and review whether Edge auto-update policies are active for managed endpoints.

Original advisory: Chromium: CVE-2026-11633 Use after free in Bluetooth