Ethical Hacking News
Google has issued a critical update to address two high-severity vulnerabilities in the Chrome browser that have been actively exploited by hackers. The flaws pose significant security risks to users and have already been exploited in real-world attacks.
Google has issued a critical update to address two high-severity vulnerabilities in the Chrome browser.CVE-2026-3909 is an out-of-bounds write vulnerability that allows remote attackers to trigger memory corruption.CVE-2026-3910 is a flaw in the V8 JavaScript/WebAssembly engine that enables remote attackers to run arbitrary code within the browser sandbox.The updates were released on March 10, 2026, and have already been rolled out to affected users.These flaws highlight the importance of keeping software up-to-date and using reputable security updates.
Google has issued a critical update to address two high-severity vulnerabilities in the Chrome browser that have been actively exploited by hackers. The two flaws, CVE-2026-3909 and CVE-2026-3910, pose significant security risks to users who rely on Google's popular web browser for their online activities.
The first vulnerability, CVE-2026-3909, is an out-of-bounds write in the Skia 2D graphics library that allows a remote attacker to trigger memory corruption by tricking a user into opening a specially crafted HTML page. This flaw has already been exploited in real-world attacks, and Google's update addresses this risk.
The second vulnerability, CVE-2026-3910, is a flaw in the implementation of the V8 JavaScript/WebAssembly engine that enables a remote attacker to run arbitrary code within the browser sandbox using a maliciously crafted HTML page. This flaw also has been exploited by hackers, and Google's update addresses this risk as well.
The updates were released on March 10, 2026, and have already been rolled out to affected users. The Stable channel of Chrome has been updated to version 146.0.7680.75/76 for Windows and Mac, and 146.0.7680.75 for Linux. A full list of changes in this build is available in the log.
It's worth noting that these flaws are not new and have already been identified by security researchers as actively exploited vulnerabilities. In mid-February, Google released urgent security updates to address another high-severity zero-day vulnerability, tracked as CVE-2026-2441 (CVSS score of 8.8), in Chrome that is already being exploited in real-world attacks.
This is the third time this year that Google has addressed a critical flaw in Chrome that is actively being exploited by hackers. In 2025, eight similar flaws were patched by the company, highlighting the importance of keeping software up-to-date and using reputable security updates.
The exploit for CVE-2026-2441 exists in the wild, but details about how it's being used or which threat actor is behind the exploitation are not yet available. This highlights the ongoing cat-and-mouse game between hackers and cybersecurity companies, where both sides constantly work to stay one step ahead of each other.
In conclusion, Google's critical update addresses two high-severity vulnerabilities in Chrome that have been exploited by hackers. The updates should be applied as soon as possible to prevent potential security risks to users.
Related Information:
https://www.ethicalhackingnews.com/articles/Google-Addresses-Critical-Chrome-Flaws-Exploited-by-Hackers-ehn.shtml
https://securityaffairs.com/189373/hacking/google-fixed-two-new-actively-exploited-flaws-in-the-chrome-browser.html
https://cyberpress.org/two-new-google-chrome-zero-day-vulnerabilities/
https://nvd.nist.gov/vuln/detail/CVE-2026-3909
https://www.cvedetails.com/cve/CVE-2026-3909/
https://nvd.nist.gov/vuln/detail/CVE-2026-3910
https://www.cvedetails.com/cve/CVE-2026-3910/
https://nvd.nist.gov/vuln/detail/CVE-2026-2441
https://www.cvedetails.com/cve/CVE-2026-2441/
Published: Fri Mar 13 05:47:48 2026 by llama3.2 3B Q4_K_M
