CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ⬡ Vulnerabilities & CVEs Jun 10, 2026

Google Releases Urgent Chrome Update for Two Zero-Day Flaws - SQ Magazine

SQ Magazine Archived Jun 10, 2026 ✓ Full text saved

Google Releases Urgent Chrome Update for Two Zero-Day Flaws SQ Magazine

Full text archived locally
✦ AI Summary · Claude Sonnet


    Google has released a security update for Chrome to fix two high severity vulnerabilities that are already being exploited in real world attacks. Quick Summary – TLDR: Google fixed two actively exploited Chrome vulnerabilities tracked as CVE-2026-3909 and CVE-2026-3910. The flaws affect Skia graphics library and the V8 JavaScript engine used in Chrome. Both vulnerabilities can be triggered using maliciously crafted HTML pages. Users are advised to update Chrome immediately to the latest available versions. What Happened? Google has released an urgent security update for the Chrome web browser to address two high severity vulnerabilities that attackers are already exploiting in the wild. The flaws were discovered by Google researchers and were fixed shortly after being reported. The company confirmed the active exploitation and warned users to update their browsers as soon as the patched versions become available. Google has issued an urgent security update for its Chrome browser after confirming that two high-severity zero-day vulnerabilities are actively being exploited in the wild. The vulnerabilities allow attackers to execute malicious code on a victim’s system. Users are advised to… pic.twitter.com/EC6SCmrKuh — GuardingPearSoftware (@GuardingPearSof) March 13, 2026 Two Serious Vulnerabilities Identified The vulnerabilities are tracked as CVE-2026-3909 and CVE-2026-3910, and both carry a CVSS severity score of 8.8, placing them in the high risk category. According to Google, both issues could allow attackers to compromise systems if a victim opens a specially crafted web page. The vulnerabilities include: CVE-2026-3909 – An out of bounds write vulnerability in the Skia 2D graphics library, which is responsible for rendering web content and user interface elements in Chrome. Attackers could exploit the flaw to cause memory corruption or potentially execute code. CVE-2026-3910 – An inappropriate implementation issue in the V8 JavaScript and WebAssembly engine, which could allow a remote attacker to run arbitrary code inside the browser sandbox using a crafted HTML page. Both vulnerabilities were discovered and reported by Google on March 10, 2026. Google confirmed the situation in its advisory, stating: “Google is aware that exploits for both CVE-2026-3909 & CVE-2026-3910 exist in the wild.” As is standard practice with active vulnerabilities, the company has not released detailed technical information about the attacks or the threat actors involved. Limiting this information helps prevent additional attackers from exploiting the issues before most users install the updates. Chrome Updates Rolling Out Google has already released patched versions of Chrome for desktop users. The Stable channel has been updated to the following versions: Windows: 146.0.7680.75 macOS: 146.0.7680.76 Linux: 146.0.7680.75 The update is rolling out gradually and may take several days or weeks to reach all users automatically. Users can manually install the update by navigating to: More > Help > About Google Chrome Chrome will automatically check for updates and prompt users to relaunch the browser once the update is installed. Part of a Growing Trend of Chrome Zero Day Fixes The latest fixes come shortly after Google patched another actively exploited vulnerability earlier this year. In February 2026, the company addressed CVE-2026-2441, a use after free vulnerability in Chrome’s CSS component that attackers were already exploiting. With the latest fixes, three actively exploited Chrome zero-day vulnerabilities have been patched in 2026 so far. The previous flaw was reported by security researcher Shaheen Fazim and could potentially allow attackers to compromise affected systems. During 2025, Google fixed eight Chrome zero day vulnerabilities, many of which were discovered by the company’s Threat Analysis Group, a team known for tracking sophisticated cyber threats including spyware campaigns. Security Researchers Continue to Play a Key Role Google also highlighted the importance of external security researchers in identifying vulnerabilities. Through its Vulnerability Reward Program, the company paid more than 17 million dollars to 747 researchers in 2025 for responsibly reporting security issues. These programs encourage researchers to disclose flaws safely so companies can fix them before attackers widely exploit them. Users of Chromium Based Browsers Should Also Update The vulnerabilities affect the Chromium engine, which means users of other Chromium based browsers should also watch for updates. Affected browsers may include: Microsoft Edge Brave Opera Vivaldi Security patches will likely arrive for these browsers once their developers integrate the latest Chromium updates. SQ Magazine’s Takeaway In my view, this situation highlights how quickly browser vulnerabilities can become real world threats. Chrome is one of the most widely used browsers on the internet, so even a single flaw can put millions of users at risk. The fact that attackers were already exploiting both vulnerabilities makes fast updates extremely important. If you use Chrome or any Chromium based browser, updating immediately is one of the simplest and most effective ways to stay protected online.
    💬 Team Notes
    Article Info
    Source
    SQ Magazine
    Category
    ⬡ Vulnerabilities & CVEs
    Published
    Jun 10, 2026
    Archived
    Jun 10, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗