🟠 High  |  Source: Microsoft Security Response Center


A use-after-free vulnerability in Chrome’s V8 JavaScript engine (CVE-2026-14403) has been patched by Google and is being addressed in Microsoft Edge due to its shared Chromium codebase. Use-after-free flaws occur when a programme continues to use memory after freeing it, which attackers can exploit to run arbitrary code. This is particularly relevant in enterprise environments where Edge is used to access Azure and other cloud management portals.

Security Architect’s Take: Ensure Microsoft Edge is updated to the latest stable release across all managed endpoints, prioritising devices used to access cloud management consoles such as the Azure Portal. Validate that your endpoint management tooling (e.g. Intune or WSUS) has deployed the patched Edge version and consider enforcing browser version compliance policies.

Original advisory: Chromium: CVE-2026-14403 Use after free in V8