emergency-patch

3 articles
sort: new top best
clear filter
bug-bounty451 google354 xss338 microsoft283 facebook246 apple171 exploit163 rce160 malware102 account-takeover95 cve91 bragging-post86 csrf83 browser77 writeup75 privilege-escalation68 react60 authentication-bypass57 cloudflare54 dos53 node52 docker51 ssrf51 phishing50 aws48 access-control47 oauth45 smart-contract45 supply-chain44 ethereum43 defi42 web342 sql-injection41 lfi37 idor35 vulnerability-disclosure32 smart-contract-vulnerability32 clickjacking31 burp-suite31 info-disclosure31 race-condition31 web-application31 reverse-engineering31 wordpress30 input-validation30 web-security29 information-disclosure29 cloud29 reflected-xss29 solidity27
0 3/10
Google rushes Chrome update fixing two zero-days under attack
news

Google released emergency Chrome patches for two actively exploited zero-days: CVE-2026-3909 (out-of-bounds write in Skia graphics library) and CVE-2026-3910 (inappropriate implementation in V8 JavaScript engine). Both vulnerabilities are being actively exploited in the wild, marking Chrome's third zero-day under attack in 2026.

zero-day chrome memory-corruption out-of-bounds-write skia v8 javascript-engine webassembly active-exploitation emergency-patch browser-security
CVE-2026-3909 CVE-2026-3910 CVE-2026-2441 Google Chrome Skia V8
theregister.com · Brajeshwar · 7 hours ago · details · hn
0 3/10
Google fixes two new Chrome zero-days exploited in attacks
news

Google released emergency patches for two actively exploited Chrome zero-days: CVE-2026-3909 (out-of-bounds write in Skia graphics library enabling code execution) and CVE-2026-3910 (inappropriate V8 JavaScript engine implementation). Both vulnerabilities were discovered and patched by Google within two days of discovery.

zero-day chrome cve-2026-3909 cve-2026-3910 out-of-bounds-write code-execution v8-engine skia-graphics javascript-engine browser-security actively-exploited emergency-patch
CVE-2026-3909 CVE-2026-3910 CVE-2026-2441 Google Skia V8 Chrome Google Threat Analysis Group BleepingComputer
bleepingcomputer.com · Sergiu Gatlan · 12 hours ago · details
0 7/10
Scroll
incident-report

Scroll executed an emergency upgrade on April 25, 2025 to patch two critical vulnerabilities: a soundness bug in OpenVM 1.0.0's auipc opcode circuit (off-by-one in enumeration causing insufficient range checking) and a message spoofing vulnerability in the bridge's EnforcedTxGateway contract that could allow arbitrary token minting on L2.

circuit-soundness zero-knowledge-proof bridge-vulnerability message-spoofing token-minting emergency-patch smart-contract-vulnerability access-control-bypass layer-2 scroll-network opcode-implementation range-check-bug
Scroll OpenVM Axiom Immunefi WhiteHatMage Trail of Bits L1ScrollMessenger EnforcedTxGateway L2ScrollMessenger
forum.scroll.io · WhiteHatMage · 19 hours ago · details