Chrome Zero-Day Vulnerabilities Actively Exploited in the Wild to Execute Malicious Code

Google has put out an emergency security update for its Chrome browser after confirming that two high-severity zero-day vulnerabilities are being used in the wild This article explores security update chrome. . The stable channel has been updated to version 146.0.7680.75/76 for Windows and macOS and 146.0.7680.75 for Linux.

Users should start getting the update in the next few days and weeks. Google's own security team reported both vulnerabilities internally on March 10, 2026. They are rated as High severity, which shows how serious the threat is to Chrome users around the world. Out-of-Bounds: CVE-2026-3909 Write in Skia The first problem, CVE-2026-3909, is an out-of-bounds write vulnerability in Skia, the open-source 2D graphics engine that Chrome uses to render pages.

Out-of-bounds write bugs are especially dangerous because they let attackers overwrite memory regions next to them, which could let them run any code or crash the application. When this kind of flaw is used in a browser, it can be used to get around sandbox protections and run harmful code on the victim's computer. CVE-2026-3910: V8's implementation was not done correctly CVE-2026-3910 is the second vulnerability.

It has to do with an incorrect implementation in V8, which is Chrome's fast JavaScript and WebAssembly engine. Threat actors are always looking for flaws in V8 because JavaScript runs all the time when you browse the web, giving them a lot of chances to exploit them. An attacker could make a bad webpage that, when you visit it, makes the flaw run code in the context of the browser process.

Google has made it clear that there are exploits for both CVE-2026-3909 and CVE-2026-3910 in the wild. This means that this is an important update for everyone, including businesses and individuals. Until a large number of users have installed the patch, technical information about the bugs and any related bug tracker entries will not be made public.

This is a common practice to keep systems safe until they are protected. Ways to make things better Users and admins should update Chrome right away to lower the risk of exposure. To start an update by hand: Launch Chrome and go to Menu > Help > About Google Chrome. Chrome will automatically look for and install the most recent update.

To finish the installation, restart the browser. Companies that use enterprise policies to manage Chrome deployments should make sure that version 146.0.7680.75/76 is pushed out to all of their computers as soon as possible.

Because both flaws are actively being used, it is not a good idea to wait for the automatic rollout in high-risk environments., LinkedIn, and X for daily news about cybersecurity. Get in touch with us to have your stories featured.