Chrome zero-day vulnerabilities have forced Google to release urgent security updates after discovering two high-severity flaws actively exploited by attackers. The vulnerabilities affect critical components of the Chrome browser, raising concerns across the cybersecurity community.
The Chrome zero-day flaws impact the Skia graphics library and the V8 JavaScript engine, two essential technologies used to render web pages and execute code. Security experts warn that attackers could exploit these issues through specially crafted web pages.
Chrome Zero-Day Vulnerabilities Identified by Google
The Chrome zero-day vulnerabilities were discovered and reported internally by Google’s security team earlier this week. Both flaws carry a severity score of 8.8 on the Common Vulnerability Scoring System.
The first vulnerability, tracked as CVE-2026-3909, affects the Skia 2D graphics library used in Chrome for rendering images and visual elements on websites. According to security reports, the issue is an out-of-bounds write that could allow attackers to manipulate memory through a malicious HTML page.
The second Chrome zero-day issue, CVE-2026-3910, affects the V8 JavaScript and WebAssembly engine. This flaw stems from an inappropriate implementation that could allow attackers to execute arbitrary code inside the browser sandbox.
Both vulnerabilities demonstrate how complex browser components can create potential entry points for cyber attackers.
Chrome Zero-Day Exploits Detected in the Wild
Google confirmed that the Chrome zero-day vulnerabilities are already being exploited in real-world attacks. However, the company has intentionally limited technical details about the exploitation methods.
Security vendors often follow this approach to prevent additional threat actors from replicating the attacks before users install security patches.
Although information about the attackers remains undisclosed, confirmed active exploitation makes it urgent for users to update their browsers.
Chrome Zero-Day Adds to Growing Security Concerns
The latest Chrome zero-day vulnerabilities come shortly after another serious browser security issue earlier this year. In February, Google released patches for CVE-2026-2441, a high-severity bug in Chrome’s CSS component that attackers also exploited as a zero-day vulnerability.
With the newest patch, Google has now fixed three actively exploited Chrome zero-day vulnerabilities since the start of the year.
This pattern highlights the increasing sophistication of cyber threats targeting widely used web browsers.
Chrome Zero-Day Patch Released for Multiple Platforms
To address the vulnerabilities, Google has released updated versions of the Chrome browser across major operating systems.
Users are advised to upgrade to version 146.0.7680.75 or 146.0.7680.76 on Windows and macOS. Linux users should install version 146.0.7680.75.
Installing the update requires navigating to the browser settings and selecting the “About Google Chrome” option. Once the update downloads, users must restart the browser to apply the security patch.
Regular updates remain one of the most effective defenses against browser-based attacks.
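For administrators checking more than one machine, the version guidance above can be applied to an inventory of reported browser versions. The following Python sketch is an added example, not code from Google or the original article; the host names, the inventory layout and the "Google Chrome <version>" string format are assumptions, and any build at or above the lowest listed fixed build is treated as patched.

```python
import re

# Fixed builds from the article: 146.0.7680.75/.76 (Windows, macOS), .75 (Linux).
# Assumption: any build at or above the lowest listed one carries the fix.
MIN_FIXED = {
    "windows": (146, 0, 7680, 75),
    "macos": (146, 0, 7680, 75),
    "linux": (146, 0, 7680, 75),
}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Return the four-part version in `text` as a tuple of ints, or None."""
    match = VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None

def assess(platform, version_text):
    """Classify one host as 'patched', 'vulnerable' or 'unknown'."""
    minimum = MIN_FIXED.get(platform.lower())
    version = parse_version(version_text)
    # Other Chromium browsers use their own build numbers, which the article
    # does not give, so anything that is not Google Chrome stays 'unknown'.
    if minimum is None or version is None or not version_text.startswith("Google Chrome"):
        return "unknown"
    # Tuples compare numerically per component; comparing the raw strings
    # would rank "146.0.7680.9" above "146.0.7680.75".
    return "patched" if version >= minimum else "vulnerable"

def hosts_needing_action(inventory):
    """Return {host: status} for every host not confirmed patched."""
    statuses = {host: assess(plat, ver) for host, plat, ver in inventory}
    return {h: s for h, s in statuses.items() if s != "patched"}

# Constructed inventory (host names and version strings are sample data).
INVENTORY = [
    ("ws-001", "windows", "Google Chrome 146.0.7680.76"),
    ("ws-002", "windows", "Google Chrome 146.0.7680.9"),
    ("ws-003", "windows", "Microsoft Edge 146.0.0.0"),
    ("mac-014", "macos", "Google Chrome 145.0.0.0"),
    ("lnx-203", "linux", "Google Chrome 146.0.7680.75"),
    ("kiosk-7", "linux", ""),
]

if __name__ == "__main__":
    for host, status in sorted(hosts_needing_action(INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need a manual check, since a missing version string or a different Chromium-based browser cannot be judged against the Chrome build numbers.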
Chrome Zero-Day Also Affects Chromium-Based Browsers
Because the vulnerabilities originate in Chromium components, the zero-day issues may also affect other browsers built on the Chromium engine.
This includes Microsoft Edge, Brave, Opera and Vivaldi. Developers of those browsers are expected to release corresponding security patches soon.
Users of these browsers should monitor official update channels and install patches as soon as they become available.
Chrome Zero-Day Highlights Importance of Browser Security
The discovery of these zero-day vulnerabilities underscores the critical role web browsers play in cybersecurity. Browsers act as the primary gateway between users and the internet, making them frequent targets for cybercriminals.
Experts recommend keeping browsers updated, avoiding suspicious links and enabling automatic updates whenever possible.
As cyber threats continue evolving, timely software updates remain essential for protecting personal data and preventing exploitation.
