CVE-2026-3910 is an actively exploited critical out-of-bounds memory vulnerability in Chrome’s V8 JavaScript engine, patched in the June 23, 2026 Stable Channel desktop update. Exploitation requires only that a target navigate to an attacker-controlled webpage, with no additional user interaction. All desktop Chrome users on Windows, macOS, and Linux running versions prior to the June 23 update are exposed.