Google has issued an emergency security update for its Chrome desktop browser to fix two high-severity zero-day vulnerabilities that are currently being exploited by attackers. These remote code execution bugs can be triggered simply by visiting a malicious website, making them a significant threat due to their low attack complexity. The patched vulnerabilities are fixed in Chrome version 146.0.7680.75 or later, which is available for Windows, macOS, and Linux. Users can protect themselves by updating to the latest version of Chrome, with version numbers 146.0.7680.75/76 for Windows and macOS, and 146.0.7680.75 for Linux, indicating a successful update1. The fact that these zero-days are already under active attack means that the window for patching is rapidly closing, making it essential for users to assess their exposure immediately. This matters to practitioners because the active exploitation of these vulnerabilities means that every moment counts in applying the patch to prevent potential security breaches.
Google patches two Chrome zero-days under active attack. Update now
⚡ High Priority
Why This Matters
Zero-day activity targeting Google means patching windows are already closing — assess your exposure immediately.
References
- Malwarebytes Labs. (2026, March 13). Google patches two Chrome zero-days under active attack. Update now. *Malwarebytes*. https://www.malwarebytes.com/blog/news/2026/03/google-patches-two-chrome-zero-days-under-active-attack-update-now
Original Source
Malwarebytes Labs
Read original →