A use-after-free vulnerability (CVE-2026-11631) has been identified in the Aura windowing framework within the Chromium engine. Microsoft Edge, being Chromium-based, is affected and has ingested the upstream fix from Google Chrome. Use-after-free flaws can allow attackers to execute arbitrary code by manipulating freed memory, making them potentially serious if exploited via a malicious webpage.

Security Architect’s Take: Ensure Microsoft Edge is updated to the latest stable release across all managed endpoints and virtual desktop environments, including Azure Virtual Desktop deployments. Verify that browser update policies are enforced via Intune or Group Policy, and consider temporarily restricting access to untrusted web content on sensitive workstations until patching is confirmed.

Original advisory: Chromium: CVE-2026-11631 Use after free in Aura