Google Patches Two Chrome Zero-Day Vulnerabilities in Emergency Security Update

News
Milan Stanojevic
Milan Stanojevic Shield
Windows Toubleshooting Expert
News
Reading time icon 2 min. read

Calendar icon Published on

google chrome zero day exploits

Google has released emergency Chrome security updates to address two high-severity zero-day vulnerabilities that are currently being actively exploited in the wild.

According to reports from security researchers, the fixes are rolling out through Chrome’s Stable Desktop channel with the following versions: 146.0.7680.75 for Windows and Linux, and 146.0.7680.76 for macOS.

Google patches two high-severity Chrome zero-day vulnerabilities

The first vulnerability, CVE-2026-3909, is an out-of-bounds write flaw in Skia, an open-source graphics library used by Chrome to render web content and interface elements.

If exploited, attackers could potentially crash the browser or achieve remote code execution, allowing malicious code to run on the affected system.

The second vulnerability, CVE-2026-3910, affects Chrome’s V8 engine, which handles JavaScript and WebAssembly execution inside the browser.

Google described the issue as an inappropriate implementation flaw that could allow attackers to manipulate how the engine processes certain operations.

To reduce the risk of further attacks, Google has not published detailed technical information about the vulnerabilities.

Patch released quickly

Google confirmed that both vulnerabilities were patched within two days of discovery, highlighting the urgency of the update.

While the patched versions are already available, Google said the global rollout of the update may take several days or weeks to reach all users automatically.

Users can install the update manually through Chrome’s settings menu or wait for the browser to update automatically after the next restart.

Multiple Chrome zero-days in 2026

The two flaws mark the second and third actively exploited Chrome zero-day vulnerabilities patched in 2026.

Earlier this year, Google fixed CVE-2026-2441, a separate vulnerability linked to the CSSFontFeatureValuesMap component.

Security researchers continue to warn that browsers remain a major attack surface, making timely updates essential for protecting user data and systems.

Growing wave of cyberattacks

The Chrome update comes amid a broader surge in cybersecurity incidents.

Recently, attackers launched Google-themed phishing campaigns designed to steal login credentials, while other threat actors have reportedly abused Microsoft Teams to deploy backdoors on corporate systems. There are also reports that Remote Desktop exploits are being sold online, raising concerns among security experts.

Via BleepingComputer

More about the topics: browser, Chrome, Google, security

Milan Stanojevic

Milan Stanojevic Shield

Windows Toubleshooting Expert

Milan has been enthusiastic about technology ever since his childhood days, and this led him to take interest in all PC-related technologies. He's a PC enthusiast and he spends most of his time learning about computers and technology. Before joining WindowsReport, he worked as a front-end web developer. Now, he's one of the Troubleshooting experts in our worldwide team, specializing in Windows errors & software issues.

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more

User forum

0 messages