Google Releases Emergency Chrome Update to Fix Two Actively Exploited Zero-Day Vulnerabilities
Google has released an emergency security update for its Chrome browser after discovering two previously unknown vulnerabilities that were already being exploited by attackers. The company confirmed that the flaws affect critical components of the browser and urged users to install the latest update to stay protected.
The vulnerabilities, identified as CVE-2026-3909 and CVE-2026-3910, impact key parts of Chrome including the Skia graphics library and the V8 JavaScript engine. Google said it is aware that both security flaws are currently being exploited in real-world attacks, although detailed information about the vulnerabilities has not been made public yet.
Two Critical Security Flaws Identified
According to Google, the first vulnerability, CVE-2026-3909, is an out-of-bounds write flaw found in Skia, the graphics library responsible for rendering web content and elements of the Chrome user interface.
Memory corruption vulnerabilities like this can allow attackers to crash applications or potentially execute malicious code if successfully exploited. Such flaws are particularly dangerous because they may enable hackers to gain deeper control over systems running the affected software.
The second vulnerability, CVE-2026-3910, affects V8, the JavaScript and WebAssembly engine used by Chrome to process scripts on web pages.
Security experts say vulnerabilities in JavaScript engines are especially valuable to attackers because they can sometimes be triggered simply by convincing users to visit a malicious or compromised website.
Exploits Already Detected in the Wild
Google confirmed that both vulnerabilities are actively being exploited, though it has not disclosed details about the attacks or the groups responsible.
The company said technical details about the flaws will remain restricted until a majority of Chrome users have installed the security updates.
This approach is common when dealing with zero-day vulnerabilities, which are security flaws that attackers exploit before developers have had time to release a fix. Revealing too much information too early could help other attackers replicate the exploits.
Google also noted that restrictions may remain in place if the vulnerabilities affect third-party libraries used by other software projects, allowing those developers time to release their own patches.
Update Available Across Major Platforms
The security fixes have been included in the latest Chrome Stable update, which is being rolled out for Windows, macOS and Linux systems.
Most users will receive the update automatically over the coming days as part of Chrome’s regular background update process. However, users can also manually check for updates through the browser’s settings menu.
Once the update is downloaded, users must restart their browser to complete the installation and activate the security fixes.
Cybersecurity experts often recommend applying browser updates as soon as possible, especially when vulnerabilities are already being exploited.
Chrome’s Growing List of Zero-Day Vulnerabilities in 2026
The latest patches add to a growing list of security issues discovered in Chrome during 2026.
Just last month, Google addressed another actively exploited zero-day vulnerability, CVE-2026-2441, which involved a use-after-free flaw in Chrome’s CSS handling system. That bug could potentially allow malicious websites to execute code within the browser environment.
With the discovery of two additional vulnerabilities, the number of actively exploited Chrome zero-day flaws in 2026 has now risen to three.
Google’s Security Research Efforts
Google said both newly discovered vulnerabilities were identified by its internal security teams, which regularly audit Chrome’s code to detect potential weaknesses before attackers can exploit them.
The company also works closely with external cybersecurity researchers through its Vulnerability Reward Program, which offers financial incentives for reporting security flaws.
Earlier this week, Google revealed that it paid approximately $17 million to 747 security researchers in 2025 through the program, rewarding individuals who helped identify and report vulnerabilities across its products and services.
Users Urged to Update Browsers
Security experts say keeping browsers up to date remains one of the most important steps in protecting against cyberattacks.
Because modern browsers handle sensitive tasks such as online banking, email access and document management, vulnerabilities in these platforms can create significant security risks if left unpatched.
Google has urged users to update Chrome immediately and restart the browser to ensure the security fixes are fully applied.
As cyber threats continue to evolve, companies and security researchers say regular updates and quick patching of vulnerabilities remain essential for protecting users and preventing widespread exploitation of software flaws.
Explosion in Dubai’s DIFC Rattles Buildings as UAE Intercepts Aerial Threat Amid Regional War Buildings in Dubai’s financial hub were […]
Google Brings Built-In AI Features to Chrome in India With Support for 8 Indic Languages Google has announced the integration […]
BCCI Announces Schedule for First Phase of TATA IPL 2026; Tournament Begins March 28 New Delhi: The Board of Control for […]
LPG Shortage Crisis in India Puts Hotels and Restaurants at Risk of Closure India’s hospitality sector is facing growing uncertainty […]
U.S. President Donald Trump has blamed Iran for an explosion that struck a school in southern Iran and reportedly killed more than …
“Unconditional Apology”: NCERT Withdraws Class 8 Textbook After Supreme Court Rap The National Council of Educational Research and Training (NCERT) […]