Google Patches Two High-Severity Chrome Zero-Day Vulnerabilities Under Active Exploitation
GoogleChromezero-dayvulnerabilityCVE-2026-3909Skiasecurity-updatepatchexploitout-of-bounds-writehigh-severitybrowser-security
Google released security updates for its Chrome web browser on Thursday to address two high-severity zero-day vulnerabilities actively exploited in the wild. One of the flaws, tracked as CVE-2026-3909 with a CVSS score of 8.8, is an out-of-bounds write vulnerability in the Skia 2D graphics library, allowing remote attackers to perform out-of-bounds memory access via a crafted HTML page. The second vulnerability, though not fully detailed in the notice, also affects Chrome and has been exploited before patches were issued. Both vulnerabilities are classified as high-severity, indicating significant risk to users. No additional technical details or attack vectors were disclosed beyond the Skia-related flaw.