Two New Google Chrome Zero-Day Vulnerabilities Actively Exploited for Code Execution - cyberpress.org
cyberpress.orgArchived Mar 18, 2026✓ Full text saved
Two New Google Chrome Zero-Day Vulnerabilities Actively Exploited for Code Execution cyberpress.org
Full text archived locally
✦ AI Summary· Claude Sonnet
Two New Google Chrome Zero-Day Vulnerabilities Actively Exploited for Code Execution
By AnuPriya
March 13, 2026
Categories:
Cyber Security NewsCybersecurityVulnerability
Google has released an emergency security update for its Chrome browser after discovering two high‑severity zero‑day vulnerabilities that are actively being exploited in the wild.
The flaws, tracked as CVE‑2026‑3909 and CVE‑2026‑3910, could allow attackers to execute malicious code on vulnerable systems.
The company announced the fixes as part of the Chrome Stable Channel update, which upgrades the browser to version 146.0.7680.75/76 for Windows and macOS and version 146.0.7680.75 for Linux. The update is being rolled out gradually over the coming days and weeks.
Two High-Severity Zero-Day Flaws
According to Google’s advisory, both vulnerabilities were discovered internally by the Google security team and reported on March 10, 2026.
Google confirmed that exploits targeting these vulnerabilities already exist in the wild, making immediate patching critical for users and organizations.
The first vulnerability, CVE‑2026‑3909, is an out‑of‑bounds write flaw in Skia, the graphics engine used by Chrome for rendering images and visual elements.
Out‑of‑bounds memory issues occur when a program writes data outside the allocated memory buffer.
Attackers can potentially exploit this behavior to corrupt memory and execute arbitrary code within the browser environment.
The second vulnerability, CVE‑2026‑3910, involves an inappropriate implementation issue in V8, Chrome’s high‑performance JavaScript engine.
V8 is responsible for executing JavaScript code within the browser, and vulnerabilities in this component are particularly dangerous because they can be triggered through malicious web content.
If successfully exploited, this flaw could allow attackers to manipulate browser processes, potentially enabling remote code execution or further system compromise.
Google has confirmed that both vulnerabilities are already being exploited in real‑world attacks. However, the company has not disclosed specific details about the exploitation techniques, threat actors involved, or attack campaigns.
This limited disclosure is intentional. Google restricts technical details about actively exploited vulnerabilities until most users receive the security update, preventing attackers from using the information to develop new exploits.
Zero‑day vulnerabilities are especially dangerous because they are exploited before security patches are widely available.
Attackers often use them in targeted campaigns against high‑value individuals, enterprises, journalists, or government organizations.
Google stated that many Chrome security vulnerabilities are identified through advanced automated testing tools and security technologies integrated into the Chromium development process. These include:
AddressSanitizer for detecting memory corruption vulnerabilities
MemorySanitizer for identifying uninitialized memory usage
UndefinedBehaviorSanitizer for catching undefined code behavior
Control Flow Integrity protects against control flow hijacking
Fuzz testing tools such as libFuzzer and AFL
These tools help detect vulnerabilities early during development before they reach the stable release channel.
Mitigation and Update Recommendations
Users and organizations are strongly advised to update Chrome immediately to the latest version to protect against potential exploitation.
Security experts recommend the following actions:
Update Chrome to version 146.0.7680.75 or later
Restart the browser after updating to ensure patches are applied
Enable automatic browser updates where possible
Monitor systems for suspicious browser behavior or unexpected processes
Users can verify their Chrome version by navigating to Settings → About Chrome, which will automatically trigger an update check.
With both vulnerabilities confirmed as actively exploited, applying the latest Chrome update remains the most effective way to prevent potential compromise.
Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google.
Share
Facebook
Twitter
Pinterest
WhatsApp
AnuPriya
Any Priya is a cybersecurity reporter at Cyber Press, specializing in cyber attacks, dark web monitoring, data breaches, vulnerabilities, and malware. She delivers in-depth analysis on emerging threats and digital security trends.
Recent Articles
Ubuntu Desktop Vulnerability Allows Privilege Escalation to Full Root Access
Cyber Security News March 18, 2026
Microsoft Halts Forced Installation of 365 Copilot App on Windows Devices
Cyber Security News March 18, 2026
COVERT RAT Delivered Through Court-Themed Lures and GitHub Payloads
Cyber Security News March 18, 2026
Google Warns Ransomware Groups Are Pivoting To Data Theft As Profits Decline
Cyber Security News March 18, 2026
U.S. Network Footholds and Camera Targeting Linked To Iranian Cyber Operations
APT March 18, 2026
Related Stories
Cyber Security News
Ubuntu Desktop Vulnerability Allows Privilege Escalation to Full Root Access
AnuPriya - March 18, 2026
Cyber Security News
Microsoft Halts Forced Installation of 365 Copilot App on Windows Devices
AnuPriya - March 18, 2026
Cyber Security News
COVERT RAT Delivered Through Court-Themed Lures and GitHub Payloads
Varshini - March 18, 2026
Cyber Security News
Google Warns Ransomware Groups Are Pivoting To Data Theft As Profits Decline
Varshini - March 18, 2026
APT
U.S. Network Footholds and Camera Targeting Linked To Iranian Cyber Operations
Varshini - March 18, 2026
Cyber Security News
Microsoft Teams Vishing Attack Leads to Quick Assist Compromise
AnuPriya - March 18, 2026
LEAVE A REPLY
Comment:
Name:*
Email:*
Website: