Google has released an emergency Chrome update patching two actively exploited zero-day vulnerabilities: CVE-2026-3909, an out-of-bounds write flaw in the Skia graphics library, and CVE-2026-3910, an inappropriate implementation issue in the V8 JavaScript engine. Both bugs were discovered in-house and are confirmed to have exploits in the wild, though Google has withheld technical details until most users are patched. This brings Chrome's total actively exploited zero-days in 2026 to three. The update is rolling out automatically for Windows, macOS, and Linux, and users can also trigger it manually via Chrome's settings.
Sort: