PT-2026-25094 · Google · V8
Published: 2026-01-01 · Updated: 2026-04-01
CVE-2026-3910
CVSS v2.0: 10 (High), AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Google Chrome versions prior to 146.0.7680.75
Microsoft Edge (Chromium-based) versions prior to 146.0.7680.75
Description
An improper implementation in the V8 JavaScript and WebAssembly engine in Google Chrome and Chromium-based browsers allows a remote attacker to execute arbitrary code within a sandbox via a crafted HTML page. This is a high-severity zero-day vulnerability that is actively exploited in the wild. The flaw can be triggered when a user simply visits a malicious webpage, potentially leading to credential theft, malware delivery, or broader system compromise. The vulnerability involves an issue with memory buffer handling within the V8 engine. There are reports of this vulnerability being linked to ransomware activity and being exploited by threat actors using QakBot and Emotet.
Recommendations
Update Google Chrome to version 146.0.7680.75 or later.
Update Microsoft Edge (Chromium-based) to version 146.0.7680.75 or later.
Fix
RCE
Buffer Overflow
Code Injection
Affected Products
Google Chrome
Edge
V8