Google has patched two zero-day vulnerabilities in its Chrome browser that were being exploited in the wild, including a high-severity out-of-bounds write flaw in the Skia graphics library, assigned CVE-2026-3909 with a CVSS score of 8.81. This vulnerability allows remote attackers to access memory outside authorized boundaries via specially crafted HTML content. The updates, released on March 13, 2026, address these high-risk issues that could be used to compromise user systems. The active exploitation of CVE-2026-3909 is a significant concern, as it may require immediate patching to prevent attacks. Google's swift response to these zero-day exploits underscores the importance of keeping software up to date to prevent potential security breaches. The fact that these vulnerabilities were being actively exploited in the wild makes it crucial for users to apply the latest Chrome security updates as soon as possible, to mitigate the risk of attack.
Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8
⚠️ Critical Alert
Why This Matters
CVE-2026-3909 is in active discussion involving Google — exploitation status determines whether this is patch-now or monitor.
References
- The Hacker News. (2026, March 13). Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8. *The Hacker News*. https://thehackernews.com/2026/03/google-fixes-two-chrome-zero-days.html
Original Source
The Hacker News
Read original →