🟠 High  |  Source: Microsoft Security Response Center


A vulnerability (CVE-2026-14410) has been identified in Skia, the graphics rendering library used by Chromium-based browsers, involving an inappropriate implementation that could be exploited by malicious actors. Microsoft Edge, which is built on Chromium, is affected and has ingested the upstream fix from Google Chrome. The vulnerability originates from the Chromium project and is tracked and patched by Google.

Security Architect’s Take: Ensure Microsoft Edge is updated to the latest version across your organisation’s endpoints, particularly on machines used to access Azure portals or cloud management consoles, as browser-based vulnerabilities can be leveraged to compromise cloud sessions. Enforce browser auto-update policies via Intune or Group Policy to reduce exposure windows.

Original advisory: Chromium: CVE-2026-14410 Inappropriate implementation in Skia