CVE-2026-3910

CVSS 8.8 HIGHEPSS 2.0%● KEVCWE-119

In short

A flaw in Chrome's V8 JavaScript engine allowed attackers to run malicious code within the browser sandbox by tricking users into visiting a specially crafted webpage. This bypasses Chrome's security protections designed to prevent harmful programs from accessing your system.

Technical detail

CWE-119 buffer overflow vulnerability in V8 engine enables remote code execution within the sandbox environment. Attack vector requires user interaction (visiting a malicious webpage); impact includes arbitrary code execution with sandbox privileges, potentially leading to further system compromise through sandbox escape techniques.

Summary generated and translated by AI from the official description.

Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Google · Chrome

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html https://issues.chromium.org/issues/491410818 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3910