A use-after-free vulnerability in the Chromium Bluetooth component has been assigned CVE-2026-11635 by the Chrome team. Microsoft Edge, being Chromium-based, is affected and has ingested the upstream fix from Google. Use-after-free flaws can allow attackers to execute arbitrary code by manipulating freed memory, making this a serious concern for end-user and enterprise browser security.

Security Architect’s Take: Ensure Microsoft Edge is updated to the latest stable release that includes the patched Chromium build, and verify that your organisation’s browser update policies enforce automatic updates. If Edge is deployed on Azure Virtual Desktop or corporate endpoints, prioritise rollout through Intune or your endpoint management tooling immediately.

Original advisory: Chromium: CVE-2026-11635 Use after free in Bluetooth