U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

U.S. CISA adds Google Chrome flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chrome flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two Google Chrome flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: This week, Google released security updates to address two high-severity vulnerabilities, […]

CISA BlueHammer (CVE-2026-33825)

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chrome flaws to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two Google Chrome flaws to its Known Exploited Vulnerabilities (KEV) catalog.

Below are the flaws added to the catalog:

    This week, Google released security updates to address two high-severity vulnerabilities, tracked as CVE-2026-3909 and CVE-2026-3910, in the Chrome browser. The company is aware of attacks in the wild exploiting both flaws.

    “Google is aware that exploits for both CVE-2026-3909 & CVE-2026-3910 exist in the wild.” reads the advisory published by the tech giant.

    Google experts discovered both vulnerabilities on March 10, 2026. As usual, the company did not disclose details about the attacks exploiting these flaws or the threat actors involved.

    Below are the descriptions for these vulnerabilities:

    • CVE-2026-3909 (CVSS score: 8.8) – Out-of-bounds write in the Skia 2D graphics library that lets a remote attacker trigger memory corruption by tricking a user into opening a specially crafted HTML page.
    • CVE-2026-3910 (CVSS score: 8.8) – Flaw in the implementation of the V8 JavaScript/WebAssembly engine that lets a remote attacker run arbitrary code within the browser sandbox using a maliciously crafted HTML page.

    The company informed users that the Stable channel has been updated to version 146.0.7680.75/76 for Windows and Mac, and 146.0.7680.75 for Linux. The update will roll out over the coming days and weeks. A full list of changes in this build is available in the log.

    According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

    Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.

    CISA orders federal agencies to fix the vulnerability by March 27, 2026.

    Follow me on Twitter: @securityaffairs and Facebook and Mastodon

    Pierluigi Paganini

    (SecurityAffairs – hacking, CISA)