A out-of-bounds write vulnerability has been identified in the Codecs component of Chromium, tracked as CVE-2026-12019. Microsoft Edge inherits this flaw due to its Chromium-based architecture. Out-of-bounds write vulnerabilities can allow attackers to corrupt memory and potentially execute arbitrary code, making this a serious concern for organisations using Edge in corporate environments.

Security Architect’s Take: Ensure Microsoft Edge is updated to the latest stable release as soon as a patched version is available, and prioritise this across managed endpoints via Intune or your preferred patch management tooling. If Edge is deployed in Azure Virtual Desktop or used to access cloud management portals, treat this as elevated risk and expedite deployment.

Original advisory: Chromium: CVE-2026-12019 Out of bounds write  Codecs