**

Google Chrome Vulnerabilities Added to CISA's Known Exploited Vulnerabilities Catalog

The United States Cybersecurity and Infrastructure Security Agency (CISA) has added two high-severity vulnerabilities in Google Chrome to its Known Exploited Vulnerabilities (KEV) catalog. These vulnerabilities, tracked as CVE-2026-3909 and CVE-2026-3910, have been exploited in the wild, and Google has released security updates to address the issues. As a result, federal agencies and private organizations are urged to review and address these vulnerabilities in their infrastructure to prevent potential data breaches.

The two vulnerabilities were discovered by Google experts on March 10, 2026, and the company is aware that exploits exist in the wild. However, the details of the attacks and the threat actors involved are not disclosed. The vulnerabilities were added to the CISA's KEV catalog, which lists known exploited vulnerabilities that pose a significant risk to federal agencies and other organizations.

**CISA's KEV Catalog and the Importance of Vulnerability Management**

The CISA's KEV catalog is a critical resource for organizations to identify and address vulnerabilities in their infrastructure. The catalog is updated regularly to reflect newly discovered vulnerabilities that are being actively exploited. By adding Google Chrome vulnerabilities to the catalog, CISA is highlighting the importance of addressing these vulnerabilities to prevent potential data breaches.

According to the Binding Operational Directive (BOD) 22-01, federal agencies are required to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog. Private organizations are also recommended to review the catalog and address the vulnerabilities in their infrastructure to prevent potential security incidents.

**Details of the Vulnerabilities**

The two vulnerabilities added to the CISA's KEV catalog are:

* **CVE-2026-3909**: This vulnerability is a high-severity bug that affects the Chrome browser. Google experts discovered the vulnerability on March 10, 2026, and the company is aware that exploits exist in the wild. * **CVE-2026-3910**: This vulnerability is also a high-severity bug that affects the Chrome browser. Like CVE-2026-3909, Google experts discovered the vulnerability on March 10, 2026, and the company is aware that exploits exist in the wild.

**Google's Response and Recommendations**

Google has released security updates to address the two vulnerabilities. The Stable channel has been updated to version 146.0.7680.75/76 for Windows and Mac, and 146.0.7680.75 for Linux. The update will roll out over the coming days and weeks. A full list of changes in this build is available in the log.

Experts recommend that organizations review the CISA's KEV catalog and address the vulnerabilities in their infrastructure to prevent potential security incidents. By staying up-to-date with the latest security patches and updates, organizations can reduce the risk of data breaches and other security incidents.

**Conclusion**

The addition of Google Chrome vulnerabilities to the CISA's KEV catalog highlights the importance of vulnerability management and the need for organizations to stay up-to-date with the latest security patches and updates. By addressing these vulnerabilities, organizations can reduce the risk of data breaches and other security incidents. It is essential for organizations to review the CISA's KEV catalog regularly and address the vulnerabilities in their infrastructure to prevent potential security incidents.