Google is issuing an emergency security patch for its Chrome browser to address a zero-day vulnerability that is already being exploited. This marks the second and third zero-day vulnerabilities Google has had to fix in Chrome this year.
The current vulnerability, labeled CVE-2026-3910, is an issue within Google's V8 JavaScript and WebAssembly engine. Details on how the exploit is being used remain scarce, with reports emerging on March 10th.
A second zero-day, CVE-2026-3909, a weakness in the 2D graphics library Skia that could allow attackers to crash the browser or execute remote code, was also slated for this update but is now expected in a future release.
Users are strongly advised to ensure their Chrome browser is updated to the latest version, 146.0.7680.75/76 for Windows/Mac and 146.0.7680.75 for Linux. Updates are typically applied automatically when the browser is restarted, but manual checks are recommended.