bug-bounty473
google371
microsoft318
facebook271
xss267
rce184
apple178
malware177
exploit165
cve122
account-takeover110
bragging-post102
phishing85
csrf85
privilege-escalation83
browser71
supply-chain69
stored-xss65
authentication-bypass64
dos64
react58
reflected-xss57
cloudflare52
reverse-engineering50
access-control48
node48
input-validation48
aws48
cross-site-scripting48
writeup47
docker46
ssrf45
smart-contract45
ethereum44
web-security43
sql-injection43
defi43
web343
oauth41
web-application41
lfi38
info-disclosure37
pentest37
race-condition37
idor35
burp-suite35
auth-bypass35
vulnerability-disclosure34
cloud34
html-injection33
0
3/10
Google released emergency Chrome patches for two actively exploited zero-days: CVE-2026-3909 (out-of-bounds write in Skia graphics library) and CVE-2026-3910 (inappropriate implementation in V8 JavaScript engine). Both vulnerabilities are being actively exploited in the wild, marking Chrome's third zero-day under attack in 2026.
zero-day
chrome
memory-corruption
out-of-bounds-write
skia
v8
javascript-engine
webassembly
active-exploitation
emergency-patch
browser-security
CVE-2026-3909
CVE-2026-3910
CVE-2026-2441
Google
Chrome
Skia
V8
0
3/10
Google released patches for two high-severity zero-day vulnerabilities in Chrome affecting the Skia graphics library and V8 engine that were actively exploited in the wild. CVE-2026-3909 is an out-of-bounds write in Skia with CVSS 8.8 triggered via crafted HTML.
CVE-2026-3909
Google
Chrome
Skia
V8