Google addressed two high-severity vulnerabilities in the Chrome browser that have been exploited in attacks in the wild.
Google has released security updates to address two high-severity vulnerabilities, tracked as CVE-2026-3909 and CVE-2026-3910, in the Chrome browser. The company is aware of attacks in the wild exploiting both flaws.
“Google is aware that exploits for both CVE-2026-3909 & CVE-2026-3910 exist in the wild.” reads the advisory published by the tech giant.
Google experts discovered both vulnerabilities on March 10, 2026. As usual, the company did not disclose details about the attacks exploiting these flaws or the threat actors involved.
Below are the descriptions for these vulnerabilities:
EXPLORE MORE
Democrat candidate stops attending church to avoid sitting with Trump voters
(LifeSiteNews) – Rebecca Bennett, a Democrat nominee for Congress in New Jersey,…
Cardinal Müller says Europe’s rejection of Christianity will lead to its downfall
(LifeSiteNews) — Cardinal Gerhard Müller warned during a recent conference in Rome…
SpaceX signs $30 billion AI deal with Google — RT World News
Anthropic similarly agreed to pay Elon Musk’s tech company $45 billion for…
Texas man charged with feeding abortion drugs to pregnant woman without her knowledge
(LifeSiteNews) — Texas prosecutors are moving forward with the first prosecution under…
Why the Best Open-World Games Are Ditching Quest Logs (And How ‘Little Red’ Plans to Master It)
Remember the last time you opened an open-world RPG, took one look…
Pro-Trump ‘anti-woke’ lawyer and leftist senator contend for Colombia’s presidency
Pro-Trump lawyer Abelardo de la Espriella secured a narrow lead over left-wing…
- CVE-2026-3909 (CVSS score: 8.8) – Out-of-bounds write in the Skia 2D graphics library that lets a remote attacker trigger memory corruption by tricking a user into opening a specially crafted HTML page.
- CVE-2026-3910 (CVSS score: 8.8) – Flaw in the implementation of the V8 JavaScript/WebAssembly engine that lets a remote attacker run arbitrary code within the browser sandbox using a maliciously crafted HTML page.
The company informed users that the Stable channel has been updated to version 146.0.7680.75/76 for Windows and Mac, and 146.0.7680.75 for Linux. The update will roll out over the coming days and weeks. A full list of changes in this build is available in the log.
In mid-February, Google released urgent security updates to address another high-severity zero-day vulnerability, tracked as CVE-2026-2441 (CVSS score of 8.8), in Chrome that is already being exploited in real-world attacks. The flaw is a use-after-free bug in the browser’s CSS component.
It was the first actively exploited Chrome zero-day fixed in 2026, after eight similar flaws were patched in 2025. An attacker could exploit the flaw to compromise affected systems. The issue was discovered and responsibly reported by security researcher Shaheen Fazim on February 11, 2026.
Google has confirmed that an exploit for CVE-2026-2441 exists in the wild, but has not shared details about how it is being used or which threat actor is behind the exploitation of the flaw.
