Google Fixes Two Actively Exploited Chrome Zero-Day Vulnerabilities
Intelligence report synthesized for precision. Verified source updates below.
Detailed Report
Google on Thursday pushed out security updates for Chrome addressing two zero-day vulnerabilities, both rated 8.8 out of 10 on the CVSS severity scale, that the company confirmed are being exploited in real-world attacks.
The first flaw, CVE-2026-3909, is an out-of-bounds write vulnerability in Skia, the open-source 2D graphics library Chrome uses for rendering. It allows a remote attacker to access memory outside its intended boundaries through a specially crafted HTML page. The second, CVE-2026-3910, is an inappropriate implementation bug in V8, Chrome’s JavaScript and WebAssembly engine, that could allow an attacker to execute arbitrary code within the browser’s sandbox, again via a malicious webpage.
Both vulnerabilities were discovered internally by Google on March 10 and patched two days later. As is standard practice, Google has withheld technical details about how the flaws are being exploited and by whom, in order to limit the window for other threat actors to take advantage before users update.This brings Google’s total count of actively exploited Chrome zero-days in 2026 to three. Less than a month ago, the company patched CVE-2026-2441, a high-severity use-after-free bug in Chrome’s CSS component that had also been weaponised in the wild.
Users should update Chrome to version 146.0.7680.75/76 on Windows and macOS, or 146.0.7680.75 on Linux. The update can be triggered by navigating to More > Help > About Google Chrome. Users of other Chromium-based browsers, including Microsoft Edge, Brave, Opera, and Vivaldi, should also apply patches as they become available
Abdul Wasay explores emerging trends across AI, cybersecurity, startups and social media platforms in a way anyone can easily follow.
Pakistan’s National Computer Emergency Response Team has accelerated a sweeping cybersecurity audit of government websites following a fresh wave of hacker attacks targeting state-run digital.
The Federal Board of Revenue (FBR) has implemented strict cybersecurity measures to protect sensitive data from cyberattacks. FBR officials recently submitted a formal, written report.
Website hacking and data leaks have emerged as a serious threat to Pakistan’s digital infrastructure, with both federal and provincial government institutions becoming major targets.
A Google report reveals how a stolen developer token from last year’s nx package attack was used to breach a victim’s cloud environment, create an.
