Google has issued an emergency patch for a high-severity zero-day (CVE-2026-3910) in its V8 JavaScript engine, which is being actively exploited in the wild. The flaw allows arbitrary code execution, posing a significant risk to billions of Chrome users globally, including in Australia.
The Iran Israel confrontation is expanding into cyberspace. A cyberattack linked to pro Iran hackers disrupted medical technology giant Stryker, highlighting how geopolitical conflict can now spill directly into hospitals, businesses and supply chains across the connected global economy.
Singtel executives fronted a Senate inquiry, categorically denying explosive allegations that a secret ransom was paid to hackers following the massive 2022 Optus data breach that exposed personal information of 9.8 million Australians, amid ongoing inquiry into the telco's operational failures.
Google has issued an emergency patch for a high-severity zero-day (CVE-2026-3910) in its V8 JavaScript engine, which is being actively exploited in the wild. The flaw allows arbitrary code execution, posing a significant risk to billions of Chrome users globally, including in Australia.
Cyber News Centre's cyber update for 16th March 2026: Google has released an emergency security update for its Chrome browser to patch a high-severity zero-day vulnerability in its V8 JavaScript engine that is being actively exploited in the wild.
Update: Google has released an emergency security update for its Chrome web browser, version 146.0.7680.75, to address a high-severity zero-day vulnerability, tracked as CVE-2026-3910. The flaw, an inappropriate implementation in Chrome's V8 JavaScript and WebAssembly engine, was discovered by Google's Threat Analysis Group on March 10, 2026, and is confirmed to be under active exploitation. The vulnerability allows a remote attacker to execute arbitrary code within the browser's sandbox simply by tricking a user into visiting a malicious website.
Given Chrome's dominant market share in Australia, a significant number of users and organizations are at immediate risk. The US Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, mandating federal agencies to apply the patch by March 27, 2026.
While another zero-day, CVE-2026-3909 in the Skia graphics library, was initially reported alongside this patch, Google has since clarified that its fix will be released in a future update. Users of all Chromium-based browsers, including Microsoft Edge, Brave, and Vivaldi, are also advised to update their software as soon as patches become available.
Why it Matters: The active exploitation of CVE-2026-3910 represents a direct and immediate threat to Australian individuals and organizations. With a low attack complexity that only requires visiting a compromised webpage, the potential for widespread impact is substantial. For businesses, this could lead to the deployment of malware, ransomware, or spyware, resulting in significant data breaches, financial loss, and reputational damage.
The vulnerability undermines the security of the browser, a primary tool for daily business operations, and highlights the persistent threat of sophisticated actors targeting widely used software. The inclusion in the CISA KEV catalog underscores the seriousness of the threat and the urgency for all organizations, not just government agencies, to prioritize patching to mitigate their exposure.
Given Chrome's dominant market share in Australia, a significant number of users and organizations are at immediate risk. The US Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, mandating federal agencies to apply the patch by March 27, 2026.
To keep your device secure, update Chrome as soon as you can. Here are a few handy tips to help you stay out of trouble, even before a zero-day is patched:
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
Singtel executives fronted a Senate inquiry, categorically denying explosive allegations that a secret ransom was paid to hackers following the massive 2022 Optus data breach that exposed personal information of 9.8 million Australians, amid ongoing inquiry into the telco's operational failures.
Joint advisory by Australian, New Zealand, and Tongan cyber authorities warns of rising INC Ransom attacks on critical infrastructure. The RaaS group has breached 11 Australian organisations, mainly in healthcare and professional services.
Microsoft’s March 2026 Patch Tuesday fixes 83 flaws, including three critical Office vulnerabilities exploitable through the Preview Pane that allow code execution without opening files, and a Copilot-linked Excel bug that could leak data. The ACSC urges immediate patching under the Essential Eight.
A Western Australian government audit has exposed critical Microsoft 365 security failures across seven state entities, leading to a data breach that leaked information on minors and a separate business email compromise incident resulting in the theft of $71,000 through fraudulent invoices.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
