🟠 High  |  Source: Microsoft Security Response Center


A memory safety vulnerability (out-of-bounds read and write) has been identified in V8, the JavaScript engine used by Chromium-based browsers including Microsoft Edge. This type of flaw can potentially be exploited by attackers to execute arbitrary code or leak sensitive data simply by directing a user to a malicious webpage. Microsoft Edge will receive a fix via its regular Chromium ingestion process.

Security Architect’s Take: Ensure Microsoft Edge and any Chromium-based browsers deployed across your organisation are updated to the latest version immediately. If your environment uses browser-based access to Azure portals or internal tooling, prioritise patching on privileged workstations and Privileged Access Workstations (PAWs) first, as exploitation could compromise credentials or session tokens.

Original advisory: Chromium: CVE-2026-15903 Out of bounds read and write in V8