A use-after-free vulnerability (CVE-2026-11637) has been identified in the Chromium Views component, affecting Microsoft Edge as it is built on the Chromium engine. Use-after-free flaws can allow attackers to execute arbitrary code by manipulating freed memory, potentially compromising the affected browser. Microsoft is tracking the fix via Google’s upstream Chromium release.

Security Architect’s Take: Ensure Microsoft Edge is updated to the latest stable release across your organisation’s managed endpoints, as the fix originates from the Chromium project. If you use browser-based access to Azure portals or cloud management consoles, prioritise patching Edge on privileged workstations first.

Original advisory: Chromium: CVE-2026-11637 Use after free in Views