🟠 High | Source: Microsoft Security Response Center
A vulnerability in the V8 JavaScript engine (CVE-2026-14405) involves the use of uninitialized memory, which can be exploited to execute arbitrary code or cause unpredictable behaviour within the browser. This affects Microsoft Edge as it is built on the Chromium codebase and inherits the same flaw. Google has issued a fix via Chrome Releases, and Microsoft Edge will receive the patch through its Chromium ingestion process.
Security Architect’s Take: Ensure Microsoft Edge is updated to the latest version across all managed endpoints and virtual desktops, including Azure Virtual Desktop environments. Prioritise patching for users with access to sensitive cloud consoles or internal tooling accessed via browser.
Original advisory: Chromium: CVE-2026-14405 Uninitialized Use in V8