A use-after-free vulnerability (CVE-2026-11628) has been identified in the Ozone display platform component of Chromium. Microsoft Edge, being Chromium-based, inherits this flaw and has been patched via Google’s upstream Chromium release. Use-after-free bugs can allow attackers to execute arbitrary code by manipulating freed memory, making them potentially severe.

Security Architect’s Take: Ensure Microsoft Edge is updated to the latest Chromium-based release across all managed endpoints and virtual desktop environments, including Azure Virtual Desktop deployments. Validate that your browser update policies enforce automatic patching and consider using Microsoft Endpoint Manager or Intune to confirm compliance.

Original advisory: Chromium: CVE-2026-11628 Use after free in Ozone