Ethical Hacking News
The U.S. CISA Adds Google Chrome Flaws to its Known Exploited Vulnerabilities Catalog: A Growing Concern for Cybersecurity
Summary:
Google Chrome flaws have been added to the Known Exploited Vulnerabilities catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). These high-severity vulnerabilities, tracked as CVE-2026-3909 and CVE-2026-3910, pose a significant threat to system stability and data integrity. Organizations must prioritize vulnerability management and stay informed about emerging threats to protect sensitive information.
Google Chrome vulnerabilities have been added to the Known Exploited Vulnerabilities (KEV) catalog by CISA. Two high-severity vulnerabilities, CVE-2026-3909 and CVE-2026-3910, were added, each with a CVSS score of 8.8, indicating a significant threat to system stability and data integrity. CVE-2026-3909 is an out-of-bounds write vulnerability in the Skia graphics library, while CVE-2026-3910 is a flaw in the V8 JavaScript/WebAssembly engine. Google has released a Stable channel update to version 146.0.7680.75/76 for Windows and Mac, and 146.0.7680.75 for Linux, with patching rolling out over the coming days and weeks. The addition of Google Chrome flaws highlights the need for proactive vulnerability management, timely patching, and staying informed about emerging threats.
Google Chrome flaws have recently been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). This development has significant implications for cybersecurity professionals, as it highlights the growing threat landscape and the importance of prioritizing vulnerability management in organizations. The addition of Google Chrome flaws to the KEV catalog is a clear indication that attackers are actively exploiting vulnerabilities in widely used software applications.
According to CISA's latest update, two high-severity vulnerabilities, tracked as CVE-2026-3909 and CVE-2026-3910, have been added to the KEV catalog. These vulnerabilities affect Google Chrome, highlighting the need for users to stay up-to-date with the latest security patches. The CVSS scores for these vulnerabilities are 8.8, indicating that they pose a significant threat to system stability and data integrity.
CVE-2026-3909 is an out-of-bounds write vulnerability in the Skia 2D graphics library that allows a remote attacker to trigger memory corruption by tricking a user into opening a specially crafted HTML page. This vulnerability has been known to be exploited in the wild, and Google experts discovered it on March 10, 2026. The fact that an exploit for this flaw already exists in the wild highlights the speed at which attackers can move once they discover a new vulnerability.
CVE-2026-3910 is a flaw in the implementation of the V8 JavaScript/WebAssembly engine that allows a remote attacker to run arbitrary code within the browser sandbox using a maliciously crafted HTML page. This vulnerability also has a CVSS score of 8.8, indicating its severity. The fact that Google experts discovered this vulnerability on the same day as CVE-2026-3909 emphasizes the need for organizations to stay vigilant and address vulnerabilities quickly.
Google has informed users that the Stable channel has been updated to version 146.0.7680.75/76 for Windows and Mac, and 146.0.7680.75 for Linux. The update will roll out over the coming days and weeks, providing users with an opportunity to patch their systems before attackers can exploit these vulnerabilities.
The addition of Google Chrome flaws to the KEV catalog is a reminder that no software application is completely immune to attack. Cybersecurity professionals must remain vigilant and proactive in addressing vulnerabilities to prevent breaches and protect sensitive information. Organizations must prioritize vulnerability management by implementing robust security protocols, conducting regular vulnerability scans, and staying informed about emerging threats.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities requires federal agencies to address identified vulnerabilities by a specific deadline. In this case, CISA orders federal agencies to fix these vulnerabilities by March 27, 2026. This directive emphasizes the importance of timely patching and highlights the need for organizations to stay informed about emerging threats.
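The fixed build and the due date above can be turned into a fleet triage check. The following is an added example, not code from CISA, Google or this site; the inventory schema (`host`, `chrome_version`, `relaunch_pending`), the hostnames and the sample versions are constructed for illustration.

```python
from datetime import date

# From the article: first fixed Stable build (Windows/Mac also ship .76) and the
# BOD 22-01 due date for CVE-2026-3909 and CVE-2026-3910.
FIXED_BUILD = (146, 0, 7680, 75)
KEV_DUE = date(2026, 3, 27)

def parse_version(text):
    """Return a Chrome version as a 4-int tuple, or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(host):
    """Classify one inventory record (hypothetical schema)."""
    installed = parse_version(host.get("chrome_version", ""))
    if installed is None:
        return "unknown"            # unparseable data is unverified, not safe
    if installed < FIXED_BUILD:     # numeric compare: .9 is older than .75
        return "vulnerable"
    if host.get("relaunch_pending"):
        return "relaunch-needed"    # update on disk, old build still running
    return "patched"

def triage(inventory, today):
    """Return hosts needing action, worst first, with days left to the due date."""
    order = {"vulnerable": 0, "unknown": 1, "relaunch-needed": 2}
    days_left = (KEV_DUE - today).days
    rows = [(h["host"], classify(h)) for h in inventory]
    todo = [(name, status, days_left) for name, status in rows if status in order]
    return sorted(todo, key=lambda r: (order[r[1]], r[0]))

# Constructed sample inventory; hostnames and field names are illustrative.
INVENTORY = [
    {"host": "ws-014", "chrome_version": "146.0.7680.76"},
    {"host": "ws-022", "chrome_version": "146.0.7680.9"},
    {"host": "lx-003", "chrome_version": "145.0.7632.160"},
    {"host": "mac-07", "chrome_version": "146.0.7680.75", "relaunch_pending": True},
    {"host": "ws-031", "chrome_version": "146.0.7680"},
]

if __name__ == "__main__":
    for name, status, days in triage(INVENTORY, date(2026, 3, 13)):
        print(f"{name:8} {status:16} {days} days to KEV due date")
```

A plain string comparison would rank `146.0.7680.9` above `146.0.7680.75`, which is why the versions are compared as integer tuples.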
Experts recommend that private organizations review the KEV catalog and address these vulnerabilities in their infrastructure. The fact that two high-severity vulnerabilities have been added to the catalog within a short period demonstrates the speed at which attackers can move once they discover new vulnerabilities.
In conclusion, the addition of Google Chrome flaws to the Known Exploited Vulnerabilities catalog is a growing concern for cybersecurity professionals and organizations alike. It highlights the need for proactive vulnerability management, timely patching, and a commitment to staying informed about emerging threats.
Related Information:
https://www.ethicalhackingnews.com/articles/The-US-CISA-Adds-Google-Chrome-Flaws-to-its-Known-Exploited-Vulnerabilities-Catalog-A-Growing-Concern-for-Cybersecurity-ehn.shtml
https://securityaffairs.com/189411/security/u-s-cisa-adds-google-chrome-flaws-to-its-known-exploited-vulnerabilities-catalog.html
https://www.cisa.gov/news-events/alerts/2025/06/05/cisa-adds-one-known-exploited-vulnerability-catalog
https://nvd.nist.gov/vuln/detail/CVE-2026-3909
https://www.cvedetails.com/cve/CVE-2026-3909/
https://nvd.nist.gov/vuln/detail/CVE-2026-3910
https://www.cvedetails.com/cve/CVE-2026-3910/
Published: Fri Mar 13 18:38:19 2026 by llama3.2 3B Q4_K_M