A use-after-free vulnerability (CVE-2026-11629) has been identified in the Ozone windowing framework within the Chromium engine. Microsoft Edge, being Chromium-based, is affected and has ingested the fix from Google Chrome. Use-after-free flaws can allow attackers to execute arbitrary code by manipulating freed memory, potentially compromising the browser and the underlying system.

Security Architect’s Take: Ensure Microsoft Edge is updated to the latest Chromium-based release across all managed endpoints and virtual desktop environments, including Azure Virtual Desktop. Prioritise patching for any users accessing sensitive cloud consoles or internal tooling via Edge.

Original advisory: Chromium: CVE-2026-11629 Use after free in Ozone