A use-after-free vulnerability (CVE-2026-11634) has been identified in the Gamepad component of the Chromium browser engine. Because Microsoft Edge is built on Chromium, it inherits this flaw and requires patching. Use-after-free bugs can allow attackers to execute arbitrary code or destabilise the browser by manipulating freed memory.

Security Architect’s Take: Ensure Microsoft Edge is updated to the latest stable release across all managed endpoints and virtual desktop environments — pay particular attention to Azure Virtual Desktop and Dev Box deployments where browser updates may lag behind. Validate that your endpoint management policies (e.g. Intune) are enforcing automatic Edge updates.

Original advisory: Chromium: CVE-2026-11634 Use after free in Gamepad