Vulnerabilities · HIGH

Google Chrome Flaws Added to CISA's Exploited Vulnerabilities List

Security Affairs
CVE-2026-3909, CVE-2026-3910, Google Chrome, CISA, vulnerabilities

Basically, two serious flaws in Google Chrome could let hackers attack your computer.

Quick Summary

CISA has added two high-severity Google Chrome vulnerabilities to its Known Exploited Vulnerabilities catalog. Millions of users are at risk, as these flaws have already been exploited in the wild. Immediate updates and awareness are crucial to protect against potential attacks.

The Flaw

This week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two vulnerabilities in Google Chrome to its Known Exploited Vulnerabilities (KEV) catalog. These vulnerabilities, tracked as CVE-2026-3909 and CVE-2026-3910, are classified as high severity, with CVSS scores of 8.8. They pose significant risks as they have already been exploited in the wild, meaning hackers are actively using them to compromise systems.

CVE-2026-3909 is an out-of-bounds write vulnerability in the Skia 2D graphics library. It allows attackers to corrupt memory by tricking users into opening a specially crafted HTML page. CVE-2026-3910, on the other hand, is a flaw in the V8 JavaScript/WebAssembly engine. This vulnerability enables attackers to execute arbitrary code within the browser sandbox, also through malicious HTML pages. Both flaws were discovered by Google on March 10, 2026.

What's at Risk

The potential impact of these vulnerabilities is substantial. Since Google Chrome is one of the most widely used web browsers globally, millions of users are at risk. If exploited, attackers could gain unauthorized access to sensitive information or take control of affected systems. This risk is particularly high for organizations that rely on Chrome for daily operations, as the vulnerabilities could lead to data breaches or system compromises.

CISA has mandated that federal agencies must address these vulnerabilities by March 27, 2026. This directive is part of a broader effort to reduce the risk of known exploited vulnerabilities across government networks. The urgency of this action highlights the critical nature of the flaws and the need for immediate remediation.

Patch Status

In response to these vulnerabilities, Google has released security updates for Chrome. The updated versions are 146.0.7680.75/76 for Windows and Mac, and 146.0.7680.75 for Linux. Users are encouraged to update their browsers as soon as possible to mitigate the risks associated with these vulnerabilities. The updates will be rolled out gradually, so some users may receive them sooner than others.

It's important to note that while Google has patched these vulnerabilities, the existence of active exploits means that users should remain vigilant. Regularly updating software is crucial in maintaining security, especially for widely used applications like web browsers.

Immediate Actions

For users and organizations, the first step is to ensure that their Google Chrome browser is updated to the latest version. Here are some recommended actions:

  • Update Chrome: Check for updates and install the latest version.
  • Educate Users: Inform employees about the risks of opening suspicious links or attachments, especially from unknown sources.
  • Monitor Systems: Keep an eye on network activity for any unusual behavior that could indicate exploitation attempts.
  • Review Security Policies: Ensure that your organization has robust security measures in place to protect against such vulnerabilities.

By taking these steps, users can significantly reduce their risk of falling victim to attacks exploiting these newly identified vulnerabilities.


🔒 Pro insight: The active exploitation of these CVEs underscores the urgency for organizations to implement timely updates and user training.

Original article from

Security Affairs · Pierluigi Paganini
