According to CISA, the Known Exploited Vulnerabilities (KEV) Catalog is the authoritative source of vulnerabilities that have been exploited in the wild, and it is used to help organisations prioritise vulnerability management. The page shows a single entry for CVE-2026-3910, listed under Google | Chromium V8, with the description noting an improper restriction of operations within the bounds of a memory buffer.
This vulnerability could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page and may affect multiple web browsers that utilise Chromium, including Google Chrome, Microsoft Edge and Opera. The entry lists its use in ransomware campaigns as unknown, and it gives a concrete required action: apply mitigations per vendor instructions, follow applicable guidance for cloud services, or discontinue use of the product if mitigations are unavailable. It also records a date added of 13 March 2026 and a due date of 27 March 2026.