Google has released an emergency update for Chrome to address two zero-day vulnerabilities that were already being exploited by attackers. The update fixes issues in the Skia graphics library and the V8 JavaScript engine, bringing the total number of actively exploited bugs in Chrome to three this year. The vulnerabilities were previously unknown, highlighting the need for prompt action to mitigate potential threats. According to reports, attackers were already targeting these vulnerabilities before the patches were released1. The swift response from Google aims to close the window of exposure for users. The fact that zero-day activity is targeting Google Chrome underscores the importance of assessing exposure immediately. This development matters to practitioners because it emphasizes the need for swift patch management to prevent exploitation of newly discovered vulnerabilities, as the window for updating is rapidly shrinking.
Google rushes Chrome update fixing two zero-days already under attack
⚡ High Priority
Why This Matters
Zero-day activity targeting Google means patching windows are already closing — assess your exposure immediately.
References
- The Register. (2026, March 13). Google rushes Chrome update fixing two zero-days already under attack. The Register. https://go.theregister.com/feed/www.theregister.com/2026/03/13/google_zeroday_chrome_update/
Original Source
The Register
Read original →