CVE-2026-3910: Type Confusion in V8 Maglev Compiler Leading to Remote Code Execution

CVE-2026-3910 is a high-severity security vulnerability located within the V8 JavaScript and WebAssembly engine used by Google Chrome and other Chromium-based browsers. The vulnerability specifically resides in the Maglev compiler, which serves as V8's mid-tier Just-In-Time (JIT) compiler. Maglev is designed to quickly generate optimized machine code for frequently executed JavaScript functions.

The core issue is an "inappropriate implementation" within the compiler's Phi untagging optimization pass. Phi nodes are structures in compiler Intermediate Representation (IR) that represent values merging from multiple control-flow paths. When a variable holds different types across an if-else branch, the compiler uses a Phi node at the junction to manage the state.

This vulnerability occurs when the Maglev compiler mishandles the type inference and subsequent untagging of these Phi nodes. The resulting flaw allows a remote attacker to execute arbitrary code inside the Chrome sandbox by enticing a user to visit a specially crafted HTML page. Google Threat Analysis Group (TAG) discovered this zero-day vulnerability actively exploited in the wild on March 10, 2026.

The root cause of CVE-2026-3910 lies in a logic error during the Phi untagging phase of the Maglev compiler. Untagging is a critical optimization process where the compiler converts "tagged" JavaScript values into "untagged" raw machine types, such as 64-bit floats or 32-bit integers. Tagged values typically contain metadata indicating whether the value is a pointer to an object on the heap or a Small Integer (Smi).

The vulnerability manifests when the compiler incorrectly assumes that a specific Phi node will exclusively contain a primitive type based on incomplete analysis of its input paths. If an attacker constructs JavaScript where one of the control-flow paths provides a non-primitive object instead of the expected primitive, a type confusion condition arises. The compiler proceeds to elide necessary type bounds checks, operating under the false assumption that the object is a safe primitive.

Because these checks are stripped from the final JIT-compiled machine code, the resulting execution violates memory safety. The engine performs operations on a heap object as if it were a raw primitive, or vice versa. This specific memory safety violation directly enables out-of-bounds memory access, allowing an attacker to read and write arbitrary memory within the V8 isolate.

To understand the compiler failure, it is necessary to examine how Maglev processes intermediate representation (IR) during the compilation pipeline. The graph below illustrates the incorrect optimization path that leads to the out-of-bounds access condition.

When the Maglev compiler analyzes the Phi Node Creation step, the untagging logic fails to account for the possibility of the Heap Object traversing the second path. The Incorrect Type Inference phase forces the value into an untagged representation.

By manipulating the JavaScript input to trigger this exact compilation path, an attacker forces the V8 engine to execute the Elided Bounds Checks code block. The attacker then supplies a crafted object that bypasses standard memory restrictions, achieving the primitive read/write capabilities required for exploitation.

Exploitation of CVE-2026-3910 requires a user to interact with a malicious payload by navigating to an attacker-controlled HTML page. The attack vector is network-based, and the complexity is relatively low for an adversary possessing the exploit primitive.

The exploitation process begins when the V8 engine interprets the malicious JavaScript and identifies a hot function suitable for Maglev compilation. The attacker structures the JavaScript to intentionally trigger the Phi untagging bug, forcing the compiler to generate vulnerable machine code. Once the JIT-compiled function is invoked, the type confusion is triggered, granting the attacker out-of-bounds read and write primitives within the renderer process memory.

The attacker utilizes these memory access primitives to locate executable memory pages, write arbitrary shellcode, and hijack the control flow of the browser's renderer process. It is necessary to note that achieving Remote Code Execution (RCE) via this vulnerability only compromises the browser sandbox. To fully compromise the host operating system, the attacker must chain this vulnerability with a secondary sandbox escape exploit, such as CVE-2026-3909 affecting the Skia component.

The impact of CVE-2026-3910 is classified as high severity, carrying a CVSS v3.1 score of 8.8. The CVSS vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H indicates that the vulnerability is exploitable over the network without prior authentication, requiring only user interaction.

Successful exploitation results in a total loss of confidentiality, integrity, and availability within the context of the Chrome renderer sandbox. An attacker gains the ability to execute arbitrary code, which allows them to read sensitive data within the browser session, modify application behavior, and crash the renderer process.

The vulnerability is under active exploitation in the wild, significantly elevating the risk profile for affected organizations. The Exploit Prediction Scoring System (EPSS) assigns this vulnerability a score of 0.21893, placing it in the 95.67th percentile of expected exploitation activity. CISA has added this vulnerability to the Known Exploited Vulnerabilities (KEV) catalog, underscoring the immediate threat it poses to enterprise environments.

The definitive remediation for CVE-2026-3910 is to update Google Chrome and all affected Chromium-based browsers to version 146.0.7680.75 or higher. This update contains the patched Maglev compiler logic that correctly handles type inference and bounds checking during Phi untagging.

Administrators must verify that browser auto-update mechanisms are functioning correctly across all endpoints. For enterprise environments, security teams should utilize mobile device management (MDM) or group policy objects (GPO) to enforce the deployment of the patched browser version.

Organizations governed by CISA's Binding Operational Directive (BOD 22-01) are required to apply this patch by the mandated deadline of March 27, 2026. Security researchers analyzing the vulnerability can monitor the unpatched behavior by launching older V8 builds with specific debugging flags, such as --maglev and --trace-maglev-phi-untagging, to observe the JIT compiler's execution state.