LeakyCreds
NewInstant webhook alerts now available — notified within seconds of any credential detection.Learn more →
Home / Vulnerability Intelligence / CVE-2026-3910

CVE-2026-3910 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: March 13, 2026

Google Chrome - Remote Code Execution

Published: March 13, 2026Updated: March 13, 2026KEVRemote Exploitable

Overview

Google Chrome < 146.0.7680.75 contains a remote code execution caused by inappropriate implementation in V8 engine, letting remote attackers execute arbitrary code inside sandbox via crafted HTML page.

Severity & Score

Severity: High
CVSS Score: 8.8
EPSS Score: 8.0%(Probability of exploitation in next 30 days)

Impact

Remote attackers can execute arbitrary code inside the sandbox, potentially compromising the browser environment.

Mitigation

Update to version 146.0.7680.75 or later.

References

Social Media Activity(9 posts)

TheHackerWire
TheHackerWire
@thehackerwire
Mar 13, 2026

🟠 CVE-2026-3910 - High (8.8) Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3910/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
ZEN SecDB
ZEN SecDB
@secdb
Mar 13, 2026

🚨 [CISA-2026:0313] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0313) CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. ⚠️ CVE-2026-3909 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3909) - Name: Google Skia Out-of-Bounds Write Vulnerability - Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. - Known To Be Used in Ransomware Campaigns? Unknown - Vendor: Google - Product: Skia - Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html#:~:text=Google%20is%20aware ; https://nvd.nist.gov/vuln/detail/CVE-2026-3909 ⚠️ CVE-2026-3910 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3910) - Name: Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability - Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. - Known To Be Used in Ransomware Campaigns? Unknown - Vendor: Google - Product: Chromium V8 - Notes: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-3910 #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260313 #cisa20260313 #cve_2026_3909 #cve_2026_3910 #cve20263909 #cve20263910

View original post
CISA KEV Tracker
CISA KEV Tracker
@cisakevtracker
Mar 13, 2026

CVE ID: CVE-2026-3910 Vendor: Google Product: Chromium V8 Date Added: 2026-03-13 Notes: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-3910 CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-3910

View original post
AA
AA
@AAKL
Mar 13, 2026

CISA has updated the KEV catalogue. - CVE-2026-3909: Google Skia Out-of-Bounds Write Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-3909 - CVE-2026-3910: Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-3910 #CISA #Google #infosec #vulnerability

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Mar 13, 2026

🟠 CVE-2026-3910 - High (8.8) Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3910/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
ZEN SecDB
ZEN SecDB
@secdb
Mar 13, 2026

🚨 [CISA-2026:0313] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0313) CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. ⚠️ CVE-2026-3909 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3909) - Name: Google Skia Out-of-Bounds Write Vulnerability - Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. - Known To Be Used in Ransomware Campaigns? Unknown - Vendor: Google - Product: Skia - Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html#:~:text=Google%20is%20aware ; https://nvd.nist.gov/vuln/detail/CVE-2026-3909 ⚠️ CVE-2026-3910 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3910) - Name: Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability - Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. - Known To Be Used in Ransomware Campaigns? Unknown - Vendor: Google - Product: Chromium V8 - Notes: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-3910 #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260313 #cisa20260313 #cve_2026_3909 #cve_2026_3910 #cve20263909 #cve20263910

View original post
CISA KEV Tracker
CISA KEV Tracker
@cisakevtracker
Mar 13, 2026

CVE ID: CVE-2026-3910 Vendor: Google Product: Chromium V8 Date Added: 2026-03-13 Notes: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-3910 CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-3910

View original post
AA
AA
@AAKL
Mar 13, 2026

CISA has updated the KEV catalogue. - CVE-2026-3909: Google Skia Out-of-Bounds Write Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-3909 - CVE-2026-3910: Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-3910 #CISA #Google #infosec #vulnerability

View original post
secureblue
secureblue
@secureblue.dev
Mar 13, 2026

Trivalent 145.0.7632.75-442755 released: https://github.com/secureblue/Trivalent/releases/tag/146.0.7680.75-443342 Google is aware that exploits for both CVE-2026-3909 & CVE-2026-3910 exist in the wild. https://github.com/secureblue/Trivalent/releases/tag/146.0.7680.75-443342

View original post

Related Resources

Details

CVE ID
CVE-2026-3910
Severity
High
CVSS Score
8.8
Type
undefined
Status
confirmed
EPSS
8.0%
Social Posts
9

CWE

  • CWE-94
  • CWE-119

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

8.0%Probability of exploitation in the next 30 days