CVE-2026-3910:

Remote code execution vulnerability in Google Chrome's V8 engine.

Score
A numerical rating that indicates how dangerous this vulnerability is.

8.8High

Published Date:Mar 13, 2026
CISA KEV Date:Mar 13, 2026
Industries Affected:20

Threat Predictions

EPSS Score:21.9
EPSS Percentile:96%

Exploitability

Score:2.8
Attack Vector:NETWORK
Attack Complexity:LOW
Privileges Required:NONE
User Interaction:REQUIRED
Scope:UNCHANGED

Impact

Score:5.9
Confidentiality Impact:HIGH
Integrity Impact:HIGH
Availability Impact:HIGH

Description Preview

Remote code execution vulnerability in Google Chrome's V8 engine.

Overview

This vulnerability in Google Chrome's V8 engine poses a significant security risk, with a CVSS v3.1 base score of 8.8 (High). The flaw enables remote attackers to execute arbitrary code within the browser's sandbox, potentially compromising the confidentiality, integrity, and availability of user data. The attack vector is network-based, requires no privileges, and has low attack complexity. However, user interaction is necessary for successful exploitation. The vulnerability is associated with CWE-94 (Improper Control of Generation of Code) and CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), indicating potential issues with code injection and memory handling.

Remediation

To mitigate this vulnerability, users and administrators should immediately update Google Chrome to version 146.0.7680.75 or later. Organizations should prioritize this update, especially for systems used to access sensitive information or critical infrastructure. Additionally, implementing defense-in-depth strategies such as network segmentation, regular security awareness training, and robust endpoint protection can help mitigate the risk of exploitation. Users should be cautioned against visiting untrusted websites or clicking on suspicious links, as user interaction is required for successful exploitation of this vulnerability.