U.S. CISA adds Google Chrome flaws to its Known Exploited Vulnerabilities catalog


U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chrome flaws to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two Google Chrome flaws to its Known Exploited Vulnerabilities (KEV) catalog.

Below are the flaws added to the catalog:

    This week, Google released security updates to address two high-severity vulnerabilities, tracked as CVE-2026-3909 and CVE-2026-3910, in the Chrome browser. The company is aware of attacks in the wild exploiting both flaws.




    “Google is aware that exploits for both CVE-2026-3909 & CVE-2026-3910 exist in the wild,” reads the advisory published by the tech giant.

    Google experts discovered both vulnerabilities on March 10, 2026. As usual, the company did not disclose details about the attacks exploiting these flaws or the threat actors involved.

    Below are the descriptions for these vulnerabilities:

    • CVE-2026-3909 (CVSS score: 8.8) – Out-of-bounds write in the Skia 2D graphics library that lets a remote attacker trigger memory corruption by tricking a user into opening a specially crafted HTML page.
    • CVE-2026-3910 (CVSS score: 8.8) – Flaw in the implementation of the V8 JavaScript/WebAssembly engine that lets a remote attacker run arbitrary code within the browser sandbox using a maliciously crafted HTML page.

    The company informed users that the Stable channel has been updated to version 146.0.7680.75/76 for Windows and Mac, and 146.0.7680.75 for Linux. The update will roll out over the coming days and weeks. A full list of changes in this build is available in the log.

    According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

    Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.

    CISA orders federal agencies to fix the vulnerabilities by March 27, 2026.
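
The fixed builds and the due date above can be checked against an asset inventory. The following Python is an added example, not code from the article, Google or CISA; the inventory format, hostnames and function names are assumptions, while the fixed Stable builds and the due date are the ones stated above.

```python
from datetime import date

# Lowest fixed Stable build per platform, as stated in the article.
FIXED_BUILD = {
    "windows": (146, 0, 7680, 75),
    "mac": (146, 0, 7680, 75),
    "linux": (146, 0, 7680, 75),
}
KEV_DUE_DATE = date(2026, 3, 27)  # remediation due date stated in the article


def parse_version(text):
    """Parse 'MAJOR.MINOR.BUILD.PATCH' into a tuple of ints, or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(os_name, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one Chrome install."""
    fixed = FIXED_BUILD.get(os_name.lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # unrecognised platform or unparseable version: review by hand
    # Tuple comparison is numeric per component, so 146.0.7680.9 < 146.0.7680.75,
    # which a plain string comparison would get wrong.
    return "patched" if version >= fixed else "vulnerable"


def audit(inventory, today):
    """Group hostnames by status and report days left until the due date."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, os_name, version_text in inventory:
        report[classify(os_name, version_text)].append(host)
    report["days_to_due_date"] = (KEV_DUE_DATE - today).days
    return report


# Constructed sample inventory: hostnames and versions are made up for illustration.
SAMPLE_INVENTORY = [
    ("ws-001", "Windows", "146.0.7680.76"),
    ("ws-002", "Windows", "146.0.7680.9"),
    ("mac-07", "Mac", "145.0.7632.160"),
    ("lnx-03", "Linux", "146.0.7680.75"),
    ("kiosk-1", "Linux", "unknown"),
]

if __name__ == "__main__":
    print(audit(SAMPLE_INVENTORY, date(2026, 3, 14)))
```

Hosts reported as `unknown` should be treated as unpatched until their version is confirmed, since a missing version string is not evidence of an update.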

    Pierluigi Paganini


