CVE-2026-3910
HIGH WAF: Medium
CVSS 8.8
Published: 2026-03-13
CWE-94
Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
WAF Coverage Analysis
Code Injection
Medium WAF Coverage
OWASP: A03:2021 Injection
932xxx - Remote Code Execution 933xxx - PHP Injection 934xxx - Node.js / Generic Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| chrome | up to 146.0.7680.75 |
References
- chromereleases.googleblog.com (Vendor Advisory, Release Notes)
- issues.chromium.org (Permissions Required)
- www.cisa.gov (US Government Resource)