anonhaven
Ad

CVE-2026-3910

HIGH CVSS 3.1: 8.8 EPSS 0.69% ACTIVE EXPLOIT
Updated Mar 13, 2026
Google

CISA Known Exploited Vulnerability (KEV)

This vulnerability is actively exploited in the wild. Immediate patching is strongly recommended.

Due Date: Mar 27, 2026

Parameter Value
CVSS 8.8 (HIGH)
Affected Versions before 146.0.7680.75
Fixed In 146.0.7680.75
Type CWE-119 (Buffer Overflow), CWE-94 (Code Injection)
Vendor Google
Public PoC Yes

Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
Required
User action required

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-119 Buffer Overflow
CWE-94 Code Injection

Vulnerable Products 4

Configuration From (including) Up to (excluding)
Google Chrome
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
 146.0.7680.75
Apple Macos
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
Linux Linux_Kernel
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Microsoft Windows
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References 3

https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop…
chrome-cve-admin@google.com
https://issues.chromium.org/issues/491410818
chrome-cve-admin@google.com
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026…
134c704f-9b21-4f2e-91b3-4a467353bcc0
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-6364

Google

6.5

CVE-2026-6363

Google

8.8

CVE-2026-6362

Google

6.3

CVE-2026-6361

Google

7.2

CVE-2026-6360

Google

8.8