out-of-bounds-write

3 articles
sort: new top best
clear filter
bug-bounty473 google371 microsoft318 facebook271 xss267 rce184 apple178 malware177 exploit165 cve122 account-takeover110 bragging-post102 phishing85 csrf85 privilege-escalation83 browser71 supply-chain69 stored-xss65 authentication-bypass64 dos64 react58 reflected-xss57 cloudflare52 reverse-engineering50 access-control48 node48 input-validation48 aws48 cross-site-scripting48 writeup47 docker46 ssrf45 smart-contract45 ethereum44 web-security43 sql-injection43 defi43 web343 oauth41 web-application41 lfi38 info-disclosure37 pentest37 race-condition37 idor35 burp-suite35 auth-bypass35 vulnerability-disclosure34 cloud34 html-injection33
0 3/10
Google rushes Chrome update fixing two zero-days under attack
news

Google released emergency Chrome patches for two actively exploited zero-days: CVE-2026-3909 (out-of-bounds write in Skia graphics library) and CVE-2026-3910 (inappropriate implementation in V8 JavaScript engine). Both vulnerabilities are being actively exploited in the wild, marking Chrome's third zero-day under attack in 2026.

zero-day chrome memory-corruption out-of-bounds-write skia v8 javascript-engine webassembly active-exploitation emergency-patch browser-security
CVE-2026-3909 CVE-2026-3910 CVE-2026-2441 Google Chrome Skia V8
theregister.com · Brajeshwar · 8 hours ago · details · hn
0 3/10
Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8
news

Google released patches for two high-severity zero-day vulnerabilities in Chrome affecting the Skia graphics library and V8 engine that were actively exploited in the wild. CVE-2026-3909 is an out-of-bounds write in Skia with CVSS 8.8 triggered via crafted HTML.

zero-day chrome skia v8 out-of-bounds-write memory-corruption cve exploit-in-wild browser-security
CVE-2026-3909 Google Chrome Skia V8
thehackernews.com · [email protected] (The Hacker News) · 11 hours ago · details
0 3/10
Google fixes two new Chrome zero-days exploited in attacks
news

Google released emergency patches for two actively exploited Chrome zero-days: CVE-2026-3909 (out-of-bounds write in Skia graphics library enabling code execution) and CVE-2026-3910 (inappropriate V8 JavaScript engine implementation). Both vulnerabilities were discovered and patched by Google within two days of discovery.

zero-day chrome cve-2026-3909 cve-2026-3910 out-of-bounds-write code-execution v8-engine skia-graphics javascript-engine browser-security actively-exploited emergency-patch
CVE-2026-3909 CVE-2026-3910 CVE-2026-2441 Google Skia V8 Chrome Google Threat Analysis Group BleepingComputer
bleepingcomputer.com · Sergiu Gatlan · 13 hours ago · details