Google rushes Chrome update to fix zero-days under attack
Briefly

"CVE-2026-3909 is an out-of-bounds write flaw in Skia, the graphics library Chrome uses to render web content and parts of its user interface. Memory corruption bugs like this can sometimes be abused by attackers to crash applications or run their own code if successfully exploited."
"The second bug, CVE-2026-3910, is described as an inappropriate implementation issue in the V8 JavaScript and WebAssembly engine, the part of Chrome responsible for executing scripts on webpages. V8 vulnerabilities are particularly valuable to attackers because they can potentially be triggered by getting a target to visit a malicious or compromised site."
"Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven't yet fixed."
Google deployed emergency patches for two previously unknown Chrome vulnerabilities that attackers are actively exploiting. CVE-2026-3909 is an out-of-bounds write flaw in Skia, Chrome's graphics library, that could enable code execution through memory corruption. CVE-2026-3910 is an inappropriate implementation issue in V8, Chrome's JavaScript and WebAssembly engine, exploitable through malicious websites. Google is withholding technical details until a majority of users have updated, to prevent further exploitation. The fixes are available in the latest Chrome Stable update for Windows, macOS, and Linux, which rolls out automatically and can also be installed manually through settings.
Read at The Register