National Cyber Warfare Foundation (NCWF)


Warning: Undefined array key "PeopleID" in /var/www/html/includes/libUser.php on line 492

U.S. CISA adds Google Chrome flaws to its Known Exploited Vulnerabilities catalog
0 user ratings		2026-03-13 22:38:49
milo
Blue Team (CND)
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chrome flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two Google Chrome flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: This week, Google released security updates to address two high-severity vulnerabilities, […


U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chrome flaws to its Known Exploited Vulnerabilities catalog.





The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two Google Chrome flaws to its Known Exploited Vulnerabilities (KEV) catalog.





Below are the flaws added to the catalog:













    This week, Google released security updates to address two high-severity vulnerabilities, tracked as CVE-2026-3909 and CVE-2026-3910, in the Chrome browser. The company is aware of attacks in the wild exploiting both flaws.





    “Google is aware that exploits for both CVE-2026-3909 & CVE-2026-3910 exist in the wild.” reads the advisory published by the tech giant.





    Google experts discovered both vulnerabilities on March 10, 2026. As usual, the company did not disclose details about the attacks exploiting these flaws or the threat actors involved.





    Below are the descriptions for these vulnerabilities:






    • CVE-2026-3909 (CVSS score: 8.8) – Out-of-bounds write in the Skia 2D graphics library that lets a remote attacker trigger memory corruption by tricking a user into opening a specially crafted HTML page.




    • CVE-2026-3910 (CVSS score: 8.8) – Flaw in the implementation of the V8 JavaScript/WebAssembly engine that lets a remote attacker run arbitrary code within the browser sandbox using a maliciously crafted HTML page.





    The company informed users that the Stable channel has been updated to version 146.0.7680.75/76 for Windows and Mac, and 146.0.7680.75 for Linux. The update will roll out over the coming days and weeks. A full list of changes in this build is available in the log.





    According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.





    Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.





    CISA orders federal agencies to fix the vulnerability by March 27, 2026.





    Follow me on Twitter: @securityaffairs and Facebook and Mastodon





    Pierluigi Paganini





    (SecurityAffairs – hacking, CISA)







    Source: SecurityAffairs
    Source Link: https://securityaffairs.com/189411/security/u-s-cisa-adds-google-chrome-flaws-to-its-known-exploited-vulnerabilities-catalog.html

    Comments
    		new comment
    Nobody has commented yet. Will you be the first?
    		  
    Forum
    Blue Team (CND)


    Copyright 2012 through 2026 - National Cyber Warfare Foundation - All rights reserved worldwide.