Chrome Zero-Day Vulnerabilities Actively Exploited in the Wild to Execute Malicious Code
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
Google has released an urgent security update for its Chrome browser after confirming that two high-severity zero-day vulnerabilities<\/a> are being actively exploited in the wild.<\/p>\n The stable channel has been updated to version 146.0.7680.75\/76 for Windows and macOS, and 146.0.7680.75 for Linux, with the rollout expected to reach users over the coming days and weeks.<\/p>\n Both vulnerabilities were reported internally by Google\u2019s own security team on March 10, 2026, and carry a High severity rating, underscoring the seriousness of the threat to Chrome users worldwide.<\/p>\n The first flaw, tracked as CVE-2026-3909, is an out-of-bounds write vulnerability residing in Skia, the open-source 2D graphics engine that powers Chrome\u2019s rendering pipeline.<\/p>\n Out-of-bounds write bugs<\/a> are particularly dangerous because they allow attackers to overwrite adjacent memory regions, potentially enabling arbitrary code execution or application crashes.<\/p>\n When exploited in a browser context, this type of vulnerability can be leveraged to escape sandbox protections and execute malicious code on the victim\u2019s system.<\/p>\n The second vulnerability, CVE-2026-3910, involves an inappropriate implementation in V8, Chrome\u2019s high-performance JavaScript and WebAssembly engine.<\/p>\n Flaws in V8 are a persistent target for threat actors because JavaScript is constantly executed during normal web browsing, creating abundant exploitation opportunities. An attacker could craft a malicious webpage that, when visited, triggers the flaw to execute code in the context of the browser process.<\/p>\n Google has explicitly confirmed<\/a> that exploits for both CVE-2026-3909 and CVE-2026-3910 exist in the wild, making this a critical update for individuals and organizations alike.<\/p>\n Technical details about the bugs and any associated bug tracker entries remain restricted until a significant portion of the user base has applied the patch, a standard practice to prevent further exploitation before systems are protected.<\/p>\n Users and administrators should update Chrome immediately to mitigate exposure. To manually trigger an update:<\/p>\n Organizations managing Chrome deployments through enterprise policies should prioritize pushing version 146.0.7680.75\/76 across their environment without delay.<\/p>\n Given the active exploitation status of both flaws, waiting for the automatic rollout is not advisable for high-risk environments.<\/p>\n Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n The post Chrome Zero-Day Vulnerabilities Actively Exploited in the Wild to Execute Malicious Code<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nCVE-2026-3909: Out-of-Bounds Write in Skia<\/strong><\/h3>\n
CVE-2026-3910: Inappropriate Implementation in V8<\/strong><\/h3>\n
Mitigations<\/strong><\/h2>\n
\n