Chrome zero-days exploited, Google patches actively

On Thursday, March 13, 2026, Google issued a critical security update for its Chrome web browser to combat two high-severity vulnerabilities already weaponized by attackers in active campaigns.

Specifically, the first flaw, designated CVE-2026-3909, is an out-of-bounds write issue within the Skia graphics library. Consequently, this allows a remote attacker to perform unauthorized memory access via a malicious HTML page.

The second vulnerability, CVE-2026-3910, involves an inappropriate implementation in the V8 JavaScript engine. This flaw similarly lets an attacker execute arbitrary code inside the browser’s sandbox through crafted web content.

Google discovered and reported both issues internally on March 10, 2026. However, the company has withheld technical details about the ongoing exploits to prevent further abuse by other threat actors.

“Google is aware that exploits for both CVE-2026-3909 and CVE-2026-3910 exist in the wild,” the firm stated. This urgent development follows another high-severity zero-day patch released for Chrome less than a month ago.

For protection, users must update to Chrome versions 146.0.7680.75/76 for Windows and macOS, or 146.0.7680.75 for Linux. Meanwhile, users of other Chromium-based browsers should apply fixes as soon as they become available from their respective vendors.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

• US Debt Hits $578B Quarter, BRICS Sell-Off Sparks Alarm
• Crypto trader loses $50M in swap, gets only 324 tokens
• Struggling Bitcoin Miners May Pivot to AI: Wintermute
• Global Botnet SocksEscort Dismantled by FBI, Europol
• US Gas Prices Hit 2-Year High as Iran Conflict Shuts Key Oil Route