Threat Intelligence / CVE / CVE-2026-3910
CVE-2026-3910
CISA KEVInappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Weaknesses (CWE)
CWE-94, CWE-119
Threats tracking this CVE
- Chrome V8 and Skia Zero-Days Under Active Exploitation (CVE-2026-3910, CVE-2026-3909) — CRITICAL
- Google Chrome Double Zero-Day — Skia OOB Write & V8 Implementation Flaw (CVE-2026-3909, CVE-2026-3910) — CRITICAL
References
- https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html
- https://issues.chromium.org/issues/491410818
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3910
Full detection coverage & IOCs for threats exploiting CVE-2026-3910 are available via the Threadlinqs MCP server (Purple tier). View plans →