Attention: You are using an outdated browser, device or you do not have the latest version of JavaScript downloaded and so this website may not work as expected. Please download the latest software or switch device to avoid further issues.
| 16 Mar 2026 | |
| Written by Gabi Gerber | |
| Attacks & Threats |
| Hacking Topics, Security Operation Center |
Google on Thursday released security updates for its Chrome web browser to address two high-severity vulnerabilities that it said have been exploited in the wild.
The list of vulnerabilities is as follows -
CVE-2026-3909 (CVSS score: 8.8) - An out-of-bounds write vulnerability in the Skia 2D graphics library that allows a remote attacker to perform out-of-bounds memory access via a crafted HTML page.
CVE-2026-3910 (CVSS score: 8.8) - An inappropriate implementation vulnerability in the V8 JavaScript and WebAssembly engine that allows a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Both vulnerabilities were discovered and reported by Google itself on March 10, 2026. As is customary in these cases, no details are available about how the issues are being abused in the wild and who is behind the efforts. This is done so as to prevent other threat actors from exploiting the issues. More at https://thehackernews.com/2026/03/google-fixes-two-chrome-zero-days.html
In a new report from the Cloud Security Alliance (CSA), experts warn of an "AI vulnerability storm" triggered by the introduction of Anthropic's Claude Mythos. More...
Its Mythos Preview model, which can allegedly find and exploit critical zero-days, also comes with certain controls, the… More...
The Russia-linked threat actor known as APT28 (aka Forest Blizzard) has been linked to a new campaign that has compromis… More...
Microsoft says the financially motivated cybercrime group has exploited N-day and zero-day vulnerabilities in campaigns … More...
Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer. More...
In a new report from the Cloud Security Alliance (CSA), experts warn of an "AI vulnerability storm" triggered by the introduction of Anthropic's Claude Mythos. More...
Its Mythos Preview model, which can allegedly find and exploit critical zero-days, also comes with certain controls, the… More...
The Russia-linked threat actor known as APT28 (aka Forest Blizzard) has been linked to a new campaign that has compromis… More...
Microsoft says the financially motivated cybercrime group has exploited N-day and zero-day vulnerabilities in campaigns … More...
Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer. More...
