Google has issued emergency patches for two actively exploited high-severity Chrome zero-day vulnerabilities (CVE-2026-3909 and CVE-2026-3910). The first allows remote code execution inside a sandbox via a flaw in Chrome's V8 JavaScript/WebAssembly engine; the second enables out-of-bounds memory access through a bug in Chrome's Skia graphics library, potentially exposing sensitive data. Browsers before version 146.0.7680.75 are affected. Security experts urge IT teams to patch immediately, enable automatic updates across enterprise endpoints, and consider browser isolation technologies. All Chromium-based browsers including Edge are also affected.
Sort: