A use-after-free vulnerability (CVE-2026-11630) has been identified in the File Input component of Chromium, the open-source browser engine underpinning Microsoft Edge. Use-after-free flaws occur when a programme continues to reference memory after it has been freed, potentially allowing an attacker to execute arbitrary code. Microsoft Edge users and enterprise deployments are affected until the Chromium-based patch is applied.

Security Architect’s Take: Ensure Microsoft Edge is updated to the latest Chromium-based release across all managed endpoints and virtual desktop environments, including any Azure Virtual Desktop or Windows 365 deployments. Prioritise enforcement via Intune or Group Policy, and review browser auto-update policies to confirm they are active.

Original advisory: Chromium: CVE-2026-11630 Use after free in File Input