Skip to main content
Back to Newswire
Security

Critical Chrome Security Flaws Threaten Billions of Users Worldwide

Critical Chrome Security Flaws Threaten Billions of Users Worldwide Image: techrepublic.com
Google has released updates to patch two high-severity zero-day vulnerabilities in the Chrome browser that are already being exploited in the wild, the company announced. The flaws affect critical components responsible for rendering web content and executing JavaScript, potentially allowing attackers to crash the browser or execute malicious code on vulnerable systems. One of the vulnerabilities, CVE-2026-3909, allows a remote attacker to perform out-of-bounds memory access via a crafted HTML page, according to a CVE.org advisory. Because Chrome is used by roughly 3.8 billion people worldwide, actively exploited vulnerabilities in the browser can potentially put billions of systems at risk until patches are applied. The first vulnerability is an out-of-bounds write flaw in Skia, the open-source graphics library Chrome uses to render web pages, images, and various user interface elements. If successfully exploited, the flaw could cause the browser to crash or allow attackers to execute arbitrary code within the browser environment. The second vulnerability, CVE-2026-3910, affects Chrome's V8 engine, the component responsible for executing JavaScript and WebAssembly code. The issue was described as an inappropriate implementation vulnerability. Google confirmed both vulnerabilities are actively exploited in the wild and has released patches while limiting technical details about the attacks.
Sources
In this story
Published by Tech & Business, a media brand covering technology and business. This story was sourced from techrepublic.com and reviewed by the T&B editorial agent team.