Google has released emergency security updates for Chrome to patch two high-severity vulnerabilities that are currently being exploited by attackers. These flaws, found in the Skia graphics library and the V8 engine, require users to update their browsers immediately to version 146.0.7680.75 or higher.
Google officially rolled out security patches this Thursday to address a pair of high-severity flaws within the Chrome web browser. The company confirmed that both vulnerabilities have already been weaponized in real-world attacks, making them zero-day threats. These issues were internally identified by Google researchers earlier this week, leading to a rapid response to protect the global user base from potential memory corruption or unauthorized code execution.
The first vulnerability, tracked as CVE-2026-3909, involves an out-of-bounds write issue within the Skia 2D graphics library. This flaw allows a remote attacker to trigger memory access errors simply by tricking a user into visiting a specially crafted HTML page. The second bug, CVE-2026-3910, is a flaw in the V8 JavaScript engine that could allow an attacker to bypass security boundaries and execute arbitrary code. Both vulnerabilities carry a high-severity CVSS score of 8.8, reflecting their significant risk to system integrity.
In line with standard security protocols, Google has withheld specific technical details regarding how these exploits are being used or the identity of the threat actors involved. Limiting the public availability of exploit data is a deliberate move intended to prevent more hackers from adopting the same techniques before the majority of users have had a chance to apply the fix. The company simply acknowledged that it is aware of active exploitation occurring in the wild for both identified flaws.
This latest update follows a busy start to the year for Google’s security teams, marking the third time since January that they have had to patch a zero-day vulnerability. Just last month, the company addressed a similar high-severity bug in the CSS component that was also being actively targeted. The frequency of these discoveries highlights a persistent effort by attackers to find weaknesses in the core components of the world’s most popular web browser.
To stay safe, users are urged to manually check for updates by navigating to the About Google Chrome section of their browser settings and performing a relaunch. While the fixes are currently rolling out for Chrome on Windows, macOS, and Linux, the underlying issues also affect other browsers built on the Chromium platform. Consequently, individuals using Microsoft Edge, Brave, or Opera should remain vigilant and install any pending security updates as soon as they are provided by their respective developers.
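For administrators who need to confirm the update across many machines, the following added example (not from Google or the source article) checks reported Chrome version strings against the fixed build 146.0.7680.75 named above. The host names and inventory strings are constructed, and because the article gives a fixed version only for Chrome, the check applies to Chrome builds only.

```python
import re

# Fixed Chrome build named in the article above.
FIXED = (146, 0, 7680, 75)

# Matches the four-part version in strings such as "Google Chrome 146.0.7680.75".
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_patched(text, fixed=FIXED):
    """True/False when a version is found; None when the string cannot be parsed."""
    v = parse_version(text)
    # Compare as integer tuples: a plain string comparison would rank ".8" above ".75".
    return None if v is None else v >= fixed


def triage(inventory):
    """Split {host: version_string} into patched, vulnerable and unknown host lists."""
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for host, reported in sorted(inventory.items()):
        state = is_patched(reported)
        key = "unknown" if state is None else ("patched" if state else "vulnerable")
        result[key].append(host)
    return result


# Constructed sample inventory (hypothetical hosts, not data from the article).
SAMPLE = {
    "ws-01": "Google Chrome 146.0.7680.75",
    "ws-02": "Google Chrome 146.0.7680.8",    # sorts above .75 as text, but is older
    "ws-03": "Google Chrome 145.0.7632.160",  # constructed older build
    "ws-04": "Google Chrome 147.0.7700.3 beta",
    "ws-05": "chrome: command not found",     # no version reported: needs follow-up
}

if __name__ == "__main__":
    for state, hosts in triage(SAMPLE).items():
        print(f"{state}: {', '.join(hosts) or '-'}")
```

Hosts in the unknown group reported no parseable version and should be checked by hand, not assumed to be patched.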
Source: Google Patches Two Chrome Zero-Days Exploited In The Wild In Skia And V8 Engines



