Google on Thursday launched security updates for its Chrome internet browser to handle two high-severity vulnerabilities that it stated have been exploited within the wild.
The listing of vulnerabilities is as follows –
- CVE-2026-3909 (CVSS rating: 8.8) – An out-of-bounds write vulnerability within the Skia 2D graphics library that permits a distant attacker to carry out out-of-bounds reminiscence entry through a crafted HTML web page.
- CVE-2026-3910 (CVSS rating: 8.8) – An inappropriate implementation vulnerability within the V8 JavaScript and WebAssembly engine that permits a distant attacker to execute arbitrary code inside a sandbox through a crafted HTML web page.
Each vulnerabilities have been found and reported by Google itself on March 10, 2026. As is customary in these circumstances, no particulars can be found about how the problems are being abused within the wild and who’s behind the efforts. That is completed in order to forestall different menace actors from exploiting the problems.
“Google is conscious that exploits for each CVE-2026-3909 and CVE-2026-3910 exist within the wild,” the corporate famous.
The event comes lower than a month after Google shipped fixes for a high-severity use-after-free bug in Chrome’s CSS element (CVE-2026-2441, CVSS rating: 8.8) that had additionally been exploited as a zero-day. Google has patched a complete of three actively weaponized Chrome zero-days because the begin of the 12 months.
For optimum safety, customers are suggested to replace their Chrome browser to variations 146.0.7680.75/76 for Home windows and Apple macOS, and 146.0.7680.75 for Linux. To verify the most recent updates are put in, customers can navigate to Extra > Assist > About Google Chrome and choose Relaunch.
Customers of different Chromium-based browsers, corresponding to Microsoft Edge, Courageous, Opera, and Vivaldi, are additionally suggested to use the fixes as and once they grow to be obtainable.
