嗯,用户让我帮忙总结一篇文章,控制在一百个字以内,而且不需要用“文章内容总结”之类的开头。首先,我需要仔细阅读这篇文章,抓住主要信息。 文章讲的是美国网络安全和基础设施安全局(CISA)将两个Google Chrome的漏洞加入到了已知被利用的漏洞目录中。这两个漏洞分别是CVE-2026-3909和CVE-2026-3910,都是高危漏洞。Google已经发布了安全更新来修复这些问题,并且已经检测到有攻击者在利用这些漏洞。 接下来,我需要把这些信息浓缩到一百字以内。重点包括:CISA添加了两个Chrome漏洞到目录中,这两个漏洞是高危的,Google已经修复,并且存在野外攻击。 可能的结构是:CISA将两个Chrome高危漏洞加入目录,Google已修复,野外攻击存在。 这样应该可以控制在一百字以内,并且直接描述内容,不需要额外的开头。 </think> 美国网络安全机构CISA将两个高危Chrome漏洞加入已知被利用漏洞目录,Google已发布安全更新修复。 2026-3-13 22:5:39 Author: securityaffairs.com(查看原文) 阅读量:6 收藏
U.S. CISA adds Google Chrome flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chrome flaws to its Known Exploited Vulnerabilities catalog.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two Google Chrome flaws to its Known Exploited Vulnerabilities (KEV) catalog.
Below are the flaws added to the catalog:
- CVE-2026-3909 Google Skia Out-of-Bounds Write Vulnerability
- CVE-2026-3910 Google Chromium V8 Unspecified Vulnerability
This week, Google released security updates to address two high-severity vulnerabilities, tracked as CVE-2026-3909 and CVE-2026-3910, in the Chrome browser. The company is aware of attacks in the wild exploiting both flaws.
“Google is aware that exploits for both CVE-2026-3909 & CVE-2026-3910 exist in the wild.” reads the advisory published by the tech giant.
Google experts discovered both vulnerabilities on March 10, 2026. As usual, the company did not disclose details about the attacks exploiting these flaws or the threat actors involved.
Below are the descriptions for these vulnerabilities:
- CVE-2026-3909 (CVSS score: 8.8) – Out-of-bounds write in the Skia 2D graphics library that lets a remote attacker trigger memory corruption by tricking a user into opening a specially crafted HTML page.
- CVE-2026-3910 (CVSS score: 8.8) – Flaw in the implementation of the V8 JavaScript/WebAssembly engine that lets a remote attacker run arbitrary code within the browser sandbox using a maliciously crafted HTML page.
The company informed users that the Stable channel has been updated to version 146.0.7680.75/76 for Windows and Mac, and 146.0.7680.75 for Linux. The update will roll out over the coming days and weeks. A full list of changes in this build is available in the log.
According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.
CISA orders federal agencies to fix the vulnerability by March 27, 2026.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, CISA)
如有侵权请联系:admin#unsafe.sh