CVE-2026-12012 is a use-after-free vulnerability in the Network component of Chromium, the open-source browser engine underpinning Microsoft Edge. Use-after-free flaws occur when a programme continues to use memory after it has been freed, potentially allowing an attacker to execute arbitrary code. Microsoft Edge inherits this vulnerability from Chromium and is addressed via Google’s upstream patch.

Security Architect’s Take: Ensure Microsoft Edge is updated to the latest version across all managed endpoints and virtual desktop environments — prioritise any Azure Virtual Desktop or Windows 365 deployments where browser-based access to cloud resources is common. Verify your endpoint management tooling (e.g. Intune) is enforcing the patched Edge build.

Original advisory: Chromium: CVE-2026-12012 Use after free  Network