What Happened: Chrome Zero-Day Vulnerabilities Detected
Recently, two Chrome zero-day vulnerabilities (CVE-2026-3909 and CVE-2026-3910) were discovered and are being actively exploited. Google responded by releasing an emergency security update for Chrome. These vulnerabilities, found in the Skia graphics library and the V8 JavaScript engine, are rated as high severity and allow attackers to execute malicious code on affected systems.
- CVE-2026-3909: Out-of-bounds write in Skia
- CVE-2026-3910: Inappropriate implementation in V8
Google has updated Chrome to version 146.0.7680.75/76 for Windows and macOS, and version 146.0.7680.75 for Linux. Both vulnerabilities were reported by Google’s internal team and are already being used in targeted attacks.
Why It Matters: The Risks of Chrome Zero-Day Vulnerabilities
Chrome zero-day vulnerabilities are especially serious because they are exploited before users have a chance to patch. Attackers can use these flaws to bypass Chrome’s security protections and run harmful code. This can lead to data theft, system compromise, or enable further attacks across an organisation’s network.
- Zero-day exploits can impact both individuals and businesses
- Successful attacks may occur simply by visiting a malicious website
- Cybercriminals often use such vulnerabilities in phishing campaigns or drive-by downloads
Because these vulnerabilities are being exploited now, prompt action is critical to reduce the risk of compromise.
What To Do: Update Chrome Immediately
Organisations and individual users should act without delay to address these Chrome zero-day vulnerabilities:
- Update Chrome to version 146.0.7680.75/76 (Windows/macOS) or 146.0.7680.75 (Linux)
- For managed environments, deploy updates to all endpoints using IT management tools
- Guide users to check for updates manually via: Menu → Help → About Google Chrome
- Restart Chrome after updating to complete the installation
- Monitor official Google channels for further advisories
Delaying updates increases the risk of attack, especially in environments that handle sensitive data. Ongoing best practices include enabling automatic updates, educating users about cyber threats, and monitoring for unusual activity.
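For managed environments, the update and restart steps above can be verified with a fleet check like the following. This is an added example, not code from Google or from the original report; the inventory format, host names and the older sample version are constructed, and it assumes your endpoint management tool can export both the installed and the currently running Chrome version.

```python
import re

# Fixed builds named in the advisory above (75/76 on Windows/macOS, 75 on Linux).
FIXED = {"windows": "146.0.7680.75", "macos": "146.0.7680.75", "linux": "146.0.7680.75"}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract a four-part Chrome version from text such as 'Google Chrome 146.0.7680.75'."""
    m = _VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None

def classify(platform, installed, running=None):
    """Return 'patched', 'restart-required', 'vulnerable' or 'unknown' for one endpoint."""
    fixed = parse_version(FIXED.get(platform.lower(), ""))
    inst = parse_version(installed)
    if fixed is None or inst is None:
        return "unknown"
    # Tuple comparison is numeric, so build .9 sorts below .75 (string comparison would not).
    if inst < fixed:
        return "vulnerable"
    run = parse_version(running) if running else None
    # The update is on disk, but an older browser process is still running.
    if run is not None and run < fixed:
        return "restart-required"
    return "patched"

# Constructed sample inventory: (host, platform, installed version, running version).
SAMPLE_INVENTORY = [
    ("ws-001", "windows", "Google Chrome 146.0.7680.76", "146.0.7680.76"),
    ("ws-002", "windows", "146.0.7680.75", "145.0.7632.117"),
    ("mac-01", "macos", "Google Chrome 146.0.7680.9", None),
    ("lnx-07", "linux", "Google Chrome 146.0.7680.75 ", None),
    ("lnx-08", "linux", "not installed", None),
]

def report(inventory):
    """Map each host name to its patch status."""
    return {host: classify(plat, inst, run) for host, plat, inst, run in inventory}

if __name__ == "__main__":
    for host, status in report(SAMPLE_INVENTORY).items():
        print(f"{host}\t{status}")
```

Hosts reported as restart-required have the fixed build installed but are still running an older one until Chrome is restarted.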
Originally reported by Cyber Security News.







