Exposures › CVE-2026-3910
Google Chromium V8 allows remote code execution via crafted HTML pages, enabling attackers to bypass sandbox protections.
This vulnerability permits arbitrary code execution within the browser sandbox through a crafted HTML page, posing a severe risk to DIB organizations relying on Chromium-based browsers for web-based tools or portals. Immediate patching is critical to prevent remote attackers from exploiting this flaw to compromise user sessions or escalate privileges.
Shame score — Google shipped a high-severity RCE vulnerability in a widely deployed browser engine that was actively exploited in the wild, indicating a failure in timely detection and patching.
Google Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
| Product | Provider | Status | Match |
|---|---|---|---|
| Google Services (Google Cloud Platform Products and underlying Infrastructure) | Authorized | vendor-exact · 0.90 | |
| Google Workspace | Authorized | vendor-exact · 0.90 |