🟠 High  |  Source: Microsoft Security Response Center


A high-severity out-of-bounds write vulnerability (CVE-2026-14395) has been identified in V8, the JavaScript engine used by Chromium-based browsers. Microsoft Edge is affected as it is built on Chromium, and a fix has been delivered via the upstream Chrome release. Out-of-bounds write flaws in browser engines can potentially allow attackers to execute arbitrary code on a victim’s machine by tricking them into visiting a malicious webpage.

Security Architect’s Take: Ensure Microsoft Edge and any Chromium-based browsers deployed across your organisation’s endpoints and virtual desktop environments (including Azure Virtual Desktop) are updated promptly to the latest version. Prioritise this for users with privileged cloud console access, as browser-based code execution vulnerabilities are a common initial access vector.

Original advisory: Chromium: CVE-2026-14395 Out of bounds write in V8