Chrome Zero-Day Vulnerabilities Actively Exploited in the Wild to Execute Malicious Code - CybersecurityNews

Home Cyber Security Chrome Zero-Day Vulnerabilities Actively Exploited in the Wild to Execute Malicious Code Google has released an urgent security update for its Chrome browser after confirming that two high-severity zero-day vulnerabilities are being actively exploited in the wild. The stable channel has been updated to version 146.0.7680.75/76 for Windows and macOS, and 146.0.7680.75 for Linux, with the rollout expected to reach users over the coming days and weeks. Both vulnerabilities were reported internally by Google’s own security team on March 10, 2026, and carry a High severity rating, underscoring the seriousness of the threat to Chrome users worldwide. CVE-2026-3909: Out-of-Bounds Write in Skia The first flaw, tracked as CVE-2026-3909, is an out-of-bounds write vulnerability residing in Skia, the open-source 2D graphics engine that powers Chrome’s rendering pipeline. Out-of-bounds write bugs are particularly dangerous because they allow attackers to overwrite adjacent memory regions, potentially enabling arbitrary code execution or application crashes. When exploited in a browser context, this type of vulnerability can be leveraged to escape sandbox protections and execute malicious code on the victim’s system. CVE-2026-3910: Inappropriate Implementation in V8 The second vulnerability, CVE-2026-3910, involves an inappropriate implementation in V8, Chrome’s high-performance JavaScript and WebAssembly engine. Flaws in V8 are a persistent target for threat actors because JavaScript is constantly executed during normal web browsing, creating abundant exploitation opportunities. An attacker could craft a malicious webpage that, when visited, triggers the flaw to execute code in the context of the browser process. Google has explicitly confirmed that exploits for both CVE-2026-3909 and CVE-2026-3910 exist in the wild, making this a critical update for individuals and organizations alike. Technical details about the bugs and any associated bug tracker entries remain restricted until a significant portion of the user base has applied the patch, a standard practice to prevent further exploitation before systems are protected. Mitigations Users and administrators should update Chrome immediately to mitigate exposure. To manually trigger an update: Open Chrome and navigate to Menu → Help → About Google Chrome Chrome will automatically check for and apply the latest update Restart the browser to complete the installation Organizations managing Chrome deployments through enterprise policies should prioritize pushing version 146.0.7680.75/76 across their environment without delay. Given the active exploitation status of both flaws, waiting for the automatic rollout is not advisable for high-risk environments. Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories. RELATED ARTICLESMORE FROM AUTHOR Cyber Security News New ACRStealer Variant Uses Syscall Evasion, TLS C2 and Secondary Payload Delivery Cyber Security News Microsoft Exchange Online Mailbox Access Outage Affects Users Globally Cyber Security News Betterleaks – A New Open-Source Tool to Scan Directories, Files, and Git Repositories Top 10 Essential E-Signature Solutions for Cybersecurity in 2026 January 31, 2026 Top 10 Best Data Removal Services In 2026 January 29, 2026 Best VPN Services of 2026: Fast, Secure & Affordable January 26, 2026 Top 10 Best Data Security Companies in 2026 January 23, 2026 Top 15 Best Ethical Hacking Tools – 2026 January 15, 2026