Flaws in the Google Chromium web browser engine and Microsoft Windows Video ActiveX Control are among six issues added to the Cybersecurity and Infrastructure Security Agency’s (Cisa’s) Known Exploited Vulnerabilities (Kev) catalogue this week.
Their inclusion on the regularly-updated Kev list mandates remedial action by agencies of the US government by a certain date – 10 March 2026 in this instance – but more broadly, for private sector organisations all over the world, it serves as a timely guide to what vulnerabilities are being actively exploited in the wild and which warrant urgent attention.
The Google Chromium issue, tracked as CVE-2026-2441, is a remote code execution (RCE) flaw arising from a use-after-free condition in which the application…