Google has released an out-of-band Chrome update to patch two zero-day vulnerabilities that are already being actively exploited.

Security Boulevard is a leading cybersecurity news and information portal, offering articles, analysis, and insights on cybersecurity threats, vulnerabilities, and best practices. From the latest trends in cyber threats to expert commentary on security technologies and compliance frameworks, Security Boulevard provides resources for security professionals, IT leaders, and business executives seeking to protect their organizations from cyber attacks and data breaches.

Security Boulevard

Google has released an emergency out-of-band Chrome update patching two actively exploited zero-day vulnerabilities. CVE-2026-3909 is an out-of-bounds write in Skia (Chrome's 2D graphics library) that can corrupt memory and enable code execution, while CVE-2026-3910 is an inappropriate implementation flaw in the V8 JavaScript engine allowing arbitrary code execution inside the V8 sandbox. Both require only a user to visit a malicious webpage. The patched version is 146.0.7680.75/76. Users should update immediately via Settings > About Chrome and restart the browser.

Google patches two Chrome zero-days under active attack. Update now