Attention Chrome users: it's crucial to stay updated with the latest security patches. Google has rolled out an emergency update to address a zero-day vulnerability that has been actively exploited, alongside a second zero-day that will be fixed in a forthcoming update.
Zero-day vulnerabilities are security flaws that are either being exploited in the wild or have been publicly disclosed before an official fix is available. These recent issues mark the second and third zero-days addressed by Google in 2026, following the first patch issued in February.
Details of the Latest Chrome Security Patch
The current update tackles a vulnerability identified as CVE-2026-3910, stemming from an inappropriate implementation within V8, Google's JavaScript and WebAssembly engine. This flaw was reported by the Google Threat Analysis Group on March 10, though specific exploitation details have not been disclosed.
Google had intended to include a fix for a second zero-day, CVE-2026-3909, which involves an out-of-bounds write issue in the Skia 2D graphics library. This vulnerability could allow attackers to crash the browser or execute code remotely. The resolution for this flaw is now slated for a future update.
Steps for Chrome Users
On March 12, Google issued a Stable Channel update, so it's essential to verify that your Chrome version is up to date: 146.0.7680.75/76 for Windows and Mac, and 146.0.7680.75 for Linux. The rollout may take several days or weeks, so install the update as soon as it becomes available. You can check your version by navigating to Chrome menu > About Google Chrome.
If you frequently quit and restart your browser, the update should apply automatically. Alternatively, you can manually initiate the update by clicking the three dots in the upper-right corner of the browser window. A restart of Chrome will be required to finalize the installation.