🟠 High  |  Source: Microsoft Security Response Center


A use-after-free vulnerability in V8, the JavaScript engine used by Chromium-based browsers, has been assigned CVE-2026-14394. This class of memory corruption flaw can potentially allow an attacker to execute arbitrary code within the browser process, typically by luring a user to a malicious web page. Microsoft Edge inherits this vulnerability from its Chromium base and is addressed via the upstream Chrome patch.

Security Architect’s Take: Ensure Microsoft Edge is updated to the latest stable release across all managed endpoints and virtual desktop environments, including Azure Virtual Desktop deployments. Validate that your endpoint management policies (Intune or equivalent) enforce automatic browser updates and consider blocking outdated Edge versions via conditional access controls.

Original advisory: Chromium: CVE-2026-14394 Use after free in V8