🟠 High | Source: Microsoft Security Response Center
CVE-2026-14412 is a vulnerability in ANGLE (Almost Native Graphics Layer Engine), the graphics abstraction layer used by Chromium-based browsers including Microsoft Edge. The flaw involves insufficient validation of untrusted input, which could allow an attacker to exploit the graphics rendering pipeline via a malicious web page. Microsoft Edge is affected as it inherits this vulnerability from its Chromium foundation, and a patch has been issued via the Chromium project.
Security Architect’s Take: Ensure Microsoft Edge is updated to the latest stable release across all managed endpoints and virtual desktop environments, including Azure Virtual Desktop deployments. Enforce browser update policies via Intune or Group Policy to minimise the window of exposure for browser-based attack vectors.
Original advisory: Chromium: CVE-2026-14412 Insufficient validation of untrusted input in ANGLE