【Vulnerability Alert】Chromium-based browsers contain 31 high-risk security vulnerabilities. Please verify and apply the necessary patches as soon as possible.
Source: Ministry of education information & communication security contingency platform
"" "" ""
| Publication Number | TACERT-ANA-2026031911035656 | Publication Time | 2026/03/19 11:02 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2026/03/19 11:02 |
| Impact Level | Medium | ||
| [Subject] 【Vulnerability Alert】Chromium-based browsers contain 31 high-risk security vulnerabilities. Please verify and apply the necessary patches as soon as possible. |
|||
| [Content] Forwarded from the National Institute of Cyber Security NISAC-200-202603-00000010 Security researchers have discovered that Chromium-based browsers, including Google Chrome, Microsoft Edge, Vivaldi, Brave, and Opera, contain 31 high-risk security vulnerabilities (CVE-2026-3909, CVE-2026-3910, CVE-2026-3913 to CVE-2026-3932, and CVE-2026-3934 to CVE-2026-3942). The vulnerability types include Out-of-bounds Write, Code Injection, and Use After Free. In the worst-case scenario, an unauthenticated remote attacker could exploit these vulnerabilities via specially crafted HTML pages to execute arbitrary code within the browser sandbox environment. Among them, CVE-2026-3909 and CVE-2026-3910 have already been exploited by attackers. Please verify your systems and apply the necessary patches as soon as possible. (Information Sharing Level: WHITE (Information content can be publicly disclosed) |
|||
| [Affected Platform] Google Chrome versions prior to 146.0.7680.80 (excluding 146.0.7680.80) Microsoft Edge versions prior to 146.0.3856.62 (excluding 146.0.3856.62) Vivaldi versions prior to 7.8.3925.81 (excluding 7.8.3925.81) Brave versions prior to 1.88.132 (excluding 1.88.132) Opera versions prior to 128.0.5807.77 (excluding 128.0.5807.77) |
|||
|
[Recommended Actions]
|
|||
| [Reference] 1. https://support.google.com/chrome/answer/95414?hl=zh-Hant 2. https://support.microsoft.com/zh-tw/topic/microsoft-edge-%E6%9B%B4%E6%96%B0%E8%A8%AD%E5%AE%9A-af8aaca2-1b69-4870-94fe-18822dbb7ef1 3. https://help.vivaldi.com/desktop/install-update/update-vivaldi/ 4. https://community.brave.com/t/how-to-update-brave/384780 5. https://help.opera.com/en/latest/crashes-and-issues/#updateBrowser 6. https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html 7. https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html 8. https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_13.html 9. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3909 10. https://vivaldi.com/blog/desktop/autohide-and-security-updates-vivaldi-browser-snapshot-3970-28/ 11. https://www.reddit.com/r/brave_browser/comments/1rtmkxf/release_channel_188132/ 12. https://blogs.opera.com/security/2026/03/update-your-browser-security-fix-for-chrome-zero-day-cve-2026-3910/ |
|||
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw