Google has issued an emergency Chrome update to address two zero-day vulnerabilities already being exploited in the wild.
CVE-2026-3909 and CVE-2026-3910 · Severity 8.8 · Active Zero-Day Exploitation in Chrome.
The first flaw (CVE-2026-3909) is an out-of-bounds write in the Skia graphics library, while the second (CVE-2026-3910) is an inappropriate implementation in the V8 JavaScript engine. Both allow remote attackers to execute arbitrary code simply by tricking a user into visiting a malicious webpage.
This marks the third actively weaponized Chrome zero-day of 2026. Because browsers are the primary window for enterprise users, these flaws are high-value targets for initial access and commercial spyware deployment.
The uncomfortable truth: Your browser is your most exposed attack surface, and the gap between zero-day discovery and mass automated exploitation is now measured in minutes.
- Force an immediate update of Google Chrome to version 146.0.7680.75 or higher across all managed endpoints.
- Enable Site Isolation and hardware-enforced stack protection on compatible Windows devices.
- Monitor for unusual outbound network activity originating from browser process parentage.
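One way to implement the last check, as an added example that is not part of the original post: it walks process lineage and flags outbound connections made by non-browser processes that descend from chrome.exe. The event field names and all sample events are constructed assumptions, not the schema of any particular EDR product.

```python
# Constructed sample telemetry (not from a real host). Field names are
# assumptions, loosely modelled on process-creation and network events.
PROCESS_EVENTS = [
    {"pid": 100, "ppid": 1, "image": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": "chrome.exe"},      # browser main process
    {"pid": 210, "ppid": 200, "image": "chrome.exe"},      # renderer
    {"pid": 300, "ppid": 210, "image": "cmd.exe"},         # child of a renderer
    {"pid": 310, "ppid": 300, "image": "powershell.exe"},  # grandchild
    {"pid": 400, "ppid": 100, "image": "outlook.exe"},
]
NETWORK_EVENTS = [
    {"pid": 210, "dest": "203.0.113.10:443"},   # the browser's own traffic
    {"pid": 310, "dest": "198.51.100.7:8443"},  # descendant of the browser
    {"pid": 400, "dest": "192.0.2.25:443"},     # unrelated process
]
BROWSER_IMAGES = {"chrome.exe"}


def browser_ancestor(pid, procs):
    """Walk the parent chain; return the nearest browser ancestor's pid, or None."""
    seen = set()  # guards against loops caused by PID reuse in the data
    cur = procs.get(pid)
    while cur and cur["pid"] not in seen:
        seen.add(cur["pid"])
        parent = procs.get(cur["ppid"])
        if parent and parent["image"].lower() in BROWSER_IMAGES:
            return parent["pid"]
        cur = parent
    return None


def flag_connections(process_events, network_events):
    """Return (image, pid, browser_pid, dest) for each suspicious connection."""
    procs = {p["pid"]: p for p in process_events}
    alerts = []
    for ev in network_events:
        proc = procs.get(ev["pid"])
        # Skip unknown processes and the browser itself: its own traffic
        # needs destination baselining, not lineage checks.
        if proc is None or proc["image"].lower() in BROWSER_IMAGES:
            continue
        anc = browser_ancestor(ev["pid"], procs)
        if anc is not None:
            alerts.append((proc["image"], ev["pid"], anc, ev["dest"]))
    return alerts


if __name__ == "__main__":
    for alert in flag_connections(PROCESS_EVENTS, NETWORK_EVENTS):
        print("ALERT image=%s pid=%d browser_pid=%d dest=%s" % alert)
```

In production, legitimate browser children such as native messaging hosts need an allowlist, and lineage should be keyed on a process GUID or start time rather than the bare PID.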
#Cybersecurity #Chrome #ZeroDay #PatchManagement #CISO #CodeDefence
