Google rushes Chrome update to patch dangerous Zero-Day flaws under active attack
Google has issued an emergency security update for Chrome to address two high-severity vulnerabilities that are already being exploited by attackers. This marks the third time in 2026 that Google has had to release a patch for active Zero-Day threats. The flaws, identified as CVE-2026-3909 and CVE-2026-3910, target the core components of the browser, potentially allowing hackers to execute malicious code and bypass security sandboxes.
Breaking Down the Vulnerabilities
The two flaws target specific engines within the Chromium architecture that handle graphics and code execution:
- CVE-2026-3909 (Skia): This vulnerability exists in the Skia 2D graphics library. Attackers can trigger an “out-of-bounds memory write” via a specially crafted HTML page. This could lead to a system crash or, in more severe cases, arbitrary code execution.
- CVE-2026-3910 (V8): Located in the V8 JavaScript and WebAssembly engine, this flaw allows attackers to execute code within the browser’s sandbox. This engine is responsible for running the complex scripts that power modern websites, making it a high-value target for hackers.
Google detected these vulnerabilities on March 10, 2026. In line with standard security protocols, technical details regarding the identity of the attackers or the specific methods of exploitation are being withheld until a majority of users have updated their systems.
High Stakes for Users and Organizations
The vulnerabilities have been assigned a CVSS score of 8.8 out of 10, indicating a critical risk level. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has already added both flaws to its Known Exploited Vulnerabilities (KEV) catalog, ordering federal agencies to patch their systems by March 27, 2026.
This update is not only critical for Chrome users but also for those using other Chromium-based browsers, including:
- Microsoft Edge
- Brave
- Opera
- Vivaldi
How to Secure Your Browser Immediately
To stay protected, ensure your browser is updated to the following versions or higher:
- Windows & macOS: 146.0.7680.75/76
- Linux: 146.0.7680.75
Follow these steps to update:
- Open Chrome and click the three dots (More) in the top right corner.
- Select Help > About Google Chrome.
- The browser will automatically check for and download the update.
- Click Relaunch to complete the installation.
Regularly updating your software is the most effective defense against modern cyber threats. Taking a few minutes to relaunch your browser today could prevent a major security breach tomorrow.
ย Origin: thehackernews
