bug-bounty468
google369
microsoft315
facebook269
xss264
rce179
apple177
malware177
exploit157
cve119
account-takeover107
bragging-post102
phishing85
csrf84
privilege-escalation83
supply-chain69
browser68
stored-xss65
authentication-bypass64
dos63
reflected-xss57
react55
cloudflare52
reverse-engineering50
access-control48
input-validation48
cross-site-scripting48
node48
aws47
docker46
smart-contract45
ssrf44
ethereum44
writeup43
defi43
web-security43
sql-injection43
web343
web-application41
oauth40
race-condition37
lfi35
burp-suite35
info-disclosure35
auth-bypass35
vulnerability-disclosure34
idor34
pentest34
buffer-overflow33
html-injection33
0
3/10
Google released emergency patches for two actively exploited Chrome zero-days: CVE-2026-3909 (out-of-bounds write in Skia graphics library enabling code execution) and CVE-2026-3910 (inappropriate V8 JavaScript engine implementation). Both vulnerabilities were discovered and patched by Google within two days of discovery.
zero-day
chrome
cve-2026-3909
cve-2026-3910
out-of-bounds-write
code-execution
v8-engine
skia-graphics
javascript-engine
browser-security
actively-exploited
emergency-patch
CVE-2026-3909
CVE-2026-3910
CVE-2026-2441
Google
Skia
V8
Chrome
Google Threat Analysis Group
BleepingComputer