Google released Chrome updates to patch two high-severity zero-day vulnerabilities actively exploited in the wild: CVE-2026-3909 in the Skia graphics library and CVE-2026-3910 in the V8 JavaScript/WebAssembly engine. Users should update to Chrome 146.0.7680.75/76 (Windows/macOS) or 146.0.7680.75 (Linux) and apply vendor patches for other Chromium-based browsers. #Chrome #Skia
Keypoints
- Google patched two high-severity Chrome zero-days that have been exploited in the wild.
- CVE-2026-3909 is an out-of-bounds write in the Skia 2D graphics library (CVSS 8.8).
- CVE-2026-3910 is an inappropriate implementation in V8 allowing arbitrary code execution inside a sandbox (CVSS 8.8).
- Both issues were discovered and reported by Google on March 10, 2026, and details are withheld to limit further abuse.
- Users should update Chrome to 146.0.7680.75/76 (Windows/macOS) or 146.0.7680.75 (Linux) and apply fixes for other Chromium-based browsers when available.
Read More: https://thehackernews.com/2026/03/google-fixes-two-chrome-zero-days.html