Google issues emergency patch for two Chrome zero-days exploited in the wild. π
CVE-2026-3909 & CVE-2026-3910 Β· Severity 8.8 Β· Active Zero-Day Exploitation in Chrome.
@[Google](urn:li:organization:1441) has released emergency security updates to address two high-severity vulnerabilities in Chrome that are being actively weaponized. CVE-2026-3909 involves an out-of-bounds write in the Skia graphics library, while CVE-2026-3910 is an inappropriate implementation in the V8 JavaScript engine.
Both flaws can be triggered via crafted HTML pages to achieve remote code execution (RCE) or sandbox escapes. Evidence suggests these vulnerabilities are being targeted by commercial spyware vendors to compromise high-value targets. This is the third emergency update for Chrome in early 2026, highlighting the intense focus on browser-based initial access.
The uncomfortable truth: Your browser is the most frequently targeted entry point in your enterprise, and the window between a new zero-day and its mass exploitation is now measured in hours.
β Force a global update for all Chrome instances to version 146.0.7680.75 or higher immediately.
β Enable hardware-enforced stack protection on all compatible Windows endpoints to mitigate RCE.
β Monitor for unusual outbound traffic originating from browser processes to unverified domains.
Have you confirmed that your browser update policy is fast enough to neutralize zero-days within 24 hours? π
#Cybersecurity #Chrome #ZeroDay #PatchManagement #CISO #CodeDefence