🟠 High  |  Source: Microsoft Security Response Center


A use-after-free vulnerability (CVE-2026-14398) has been identified in ANGLE, the graphics layer used by Chromium-based browsers including Microsoft Edge. Use-after-free flaws occur when a programme continues to reference memory after it has been freed, potentially allowing an attacker to execute arbitrary code. This affects any environment where Microsoft Edge or other Chromium-based browsers are in use, including cloud-connected workstations and virtual desktop infrastructure.

Security Architect’s Take: Ensure Microsoft Edge and any Chromium-based browsers deployed across your organisation — including AVD and cloud-hosted virtual desktop environments — are patched to the latest stable release immediately. Prioritise endpoints with privileged access to cloud management consoles, as browser-based code execution is a common initial access vector.

Original advisory: Chromium: CVE-2026-14398 Use after free in ANGLE