A use-after-free vulnerability in the Bluetooth component of the Chromium engine (CVE-2026-11641) has been patched by Google and is being ingested into Microsoft Edge. Use-after-free flaws occur when a programme continues to use memory after freeing it, potentially allowing an attacker to execute arbitrary code. Although assigned under the Azure/Microsoft advisory, the root cause lies in Chromium and affects any Chromium-based browser, including Edge.

Security Architect’s Take: Ensure Microsoft Edge deployments across your organisation are updated to the latest version as soon as the patched build is available; where Edge is used on Azure Virtual Desktop or enterprise endpoints, prioritise patch validation and consider enforcing browser version controls via Intune or Group Policy to limit exposure.

Original advisory: Chromium: CVE-2026-11641 Use after free in Bluetooth