🟠 High | Source: Microsoft Security Response Center
A out-of-bounds write vulnerability (CVE-2026-14400) has been identified in ANGLE, the graphics layer abstraction library used by Chromium-based browsers. Microsoft Edge inherits this flaw from the upstream Chromium project, meaning unpatched Edge installations could be exposed. Out-of-bounds write flaws of this nature can potentially be exploited to execute arbitrary code in the context of the browser process.
Security Architect’s Take: Ensure Microsoft Edge is updated to the latest stable release across all managed endpoints and virtual desktop environments, including Azure Virtual Desktop deployments. Where browser update policies are enforced via Intune or Group Policy, verify that the latest Chromium-based Edge build incorporating Google’s patch has been distributed and confirm compliance via endpoint telemetry.
Original advisory: Chromium: CVE-2026-14400 Out of bounds write in ANGLE