Chrome Skia and V8 exploited zero-days (multiple vulnerabilities)
Vulnerability
Summary
Chrome on Windows, macOS, and Linux is affected by two high-severity zero-days, CVE-2026-3909 and CVE-2026-3910, that Google says were exploited in the wild. One flaw is an out-of-bounds write in Skia that can trigger out-of-bounds memory access from a crafted HTML page. The other is an inappropriate implementation issue in V8 that can enable arbitrary code execution inside a sandbox from a crafted HTML page. Google shipped fixes in 146.0.7680.75/76 and urged users to update immediately because the bugs were already being abused.
Related Happenings
Chromium JavaScript background RCE flaw
Vulnerability
First: 21.05.2026 21:13
Last: 21.05.2026 21:13
Sources 1
About this happening:
The unfixed **Chromium** flaw keeps **JavaScript** running after the browser is closed, creating **remote code execution** risk across **Chromium-based browsers**. A malicious sit...
Google overhauls Android and Chrome bug bounty programs
Commercial Activity
First: 05.05.2026 14:24
Last: 05.05.2026 14:24
Sources 1
About this happening:
**Google** overhauls its **Android and Chrome** vulnerability rewards programs, reshaping payout tiers for **exploit research** and raising top rewards to **$1.5 million**. The ch...
Google Chrome 146 adds Device Bound Session Credentials to block session-cookie theft
Security Tool/Service
First: 09.04.2026 21:33
Last: 09.04.2026 21:33
Sources 1
About this happening:
Google has rolled out **Device Bound Session Credentials (DBSC)** in **Chrome 146 for Windows**, binding sessions to device hardware to blunt **infostealer malware** that steals s...
Nvidia GPU GPUBreach Rowhammer-style page-table corruption privilege-escalation flaw
Vulnerability
First: 07.04.2026 14:31
Last: 07.04.2026 14:31
Sources 1
About this happening:
Researchers demonstrated **GPUBreach**, a **Rowhammer-style weakness** in **Nvidia GPUs** that can corrupt **GPU page tables** and enable **arbitrary read-write access**. When pai...
Chrome/Dawn actively exploited use-after-free flaw (CVE-2026-5281)
Vulnerability
First: 01.04.2026 13:25
Last: 01.04.2026 13:25
Sources 1
About this happening:
**Google Chrome Stable Desktop** on **Windows, macOS, and Linux** is getting an **emergency fix** for **CVE-2026-5281**, a **use-after-free** flaw in **Dawn/WebGPU**. Google says...
Timeline
13.03.2026 02:00 1 article · 2mo ago
Google discovers and reports Chrome zero-days CVE-2026-3909 and CVE-2026-3910
Initial Disclosure
Google discovered and reported CVE-2026-3909 in the Skia 2D graphics library and CVE-2026-3910 in the V8 JavaScript and WebAssembly engine on March 10, 2026; both flaws were later described as high-severity Chrome vulnerabilities exploited in the wild via crafted HTML pages.
- Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8 — thehackernews.com — 13.03.2026 11:17
13.03.2026 02:00 2 articles · 2mo ago
Google releases Chrome fixes for CVE-2026-3909 and CVE-2026-3910
Mitigation Patch Update
Google released Chrome security updates to address CVE-2026-3909 and CVE-2026-3910, urging users to relaunch after updating to 146.0.7680.75/76 on Windows and macOS or 146.0.7680.75 on Linux.
- Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8 — thehackernews.com — 13.03.2026 11:17