Critical Chrome Update: Google Patches Actively Exploited Zero-Days
**Google** has released critical security updates for its Chrome web browser to address two high-severity vulnerabilities that it said have been exploited in the wild. IT security professionals are urged to update immediately to mitigate potential risks.
### Zero-Day Vulnerabilities Patched
The updates address the following vulnerabilities:
* **CVE-2026-3909** (CVSS score: 8.8) - An out-of-bounds write vulnerability in the **Skia** 2D graphics library. This flaw allows a remote attacker to perform out-of-bounds memory access via a crafted HTML page.
* **CVE-2026-3910** (CVSS score: 8.8) - An inappropriate implementation vulnerability in the **V8** JavaScript and WebAssembly engine. This allows a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Both vulnerabilities were discovered and reported internally by **Google** on March 10, 2026. Few details about the active exploitation have been released, to prevent further abuse.
"**Google** is aware that exploits for both **CVE-2026-3909** and **CVE-2026-3910** exist in the wild," the company noted in its official announcement.
### A String of Zero-Day Exploits
This update arrives shortly after **Google** patched **CVE-2026-2441**, a high-severity use-after-free bug in Chrome's CSS component, which was also exploited as a zero-day. With this update, **Google** has patched three actively weaponized Chrome zero-days since the beginning of the year.
### Update Chrome Immediately
Users are strongly advised to update their Chrome browser to versions 146.0.7680.75/76 for Windows and Apple macOS, and 146.0.7680.75 for Linux. To update, navigate to More > Help > About Google Chrome and select Relaunch.
Users of other Chromium-based browsers, including **Microsoft Edge**, **Brave**, **Opera**, and **Vivaldi**, should also apply the fixes as soon as they are available for their respective browsers.
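The following is an added example, not code from Google or from the original article: a fleet-inventory triage against the fixed Chrome build named above. The host names, inventory format and sample version strings are constructed, and using 146.0.7680.75 as the minimum patched build on every platform is an assumption drawn from the versions listed.

```python
import re

# Lowest fixed Google Chrome build listed in the article (Windows, macOS, Linux).
FIXED_CHROME = (146, 0, 7680, 75)

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the first four-part version found in text as a tuple of ints, or None."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def assess(product, version_text):
    """Classify one inventory record as 'patched', 'vulnerable' or 'unknown'."""
    if product.strip().lower() != "google chrome":
        # Edge, Brave, Opera and Vivaldi carry their own build numbers and the
        # article lists no fixed versions for them, so do not compare.
        return "unknown"
    version = parse_version(version_text)
    if version is None:
        return "unknown"
    # Compare numerically, field by field; a string comparison would rank
    # "146.0.7680.9" above "146.0.7680.75".
    return "patched" if version >= FIXED_CHROME else "vulnerable"


def triage(inventory):
    """Group host names by patch status."""
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for host, product, version_text in inventory:
        result[assess(product, version_text)].append(host)
    return result


# Constructed sample inventory: (host, product, reported version string).
INVENTORY = [
    ("ws-01", "Google Chrome", "Google Chrome 146.0.7680.75"),
    ("ws-02", "Google Chrome", "145.0.7000.100"),
    ("mac-03", "Google Chrome", "146.0.7680.76"),
    ("ws-04", "Google Chrome", "146.0.7680.9"),
    ("ws-05", "Microsoft Edge", "146.0.3000.50"),
    ("lx-06", "Google Chrome", "version not reported"),
]

if __name__ == "__main__":
    for status, hosts in triage(INVENTORY).items():
        print(f"{status:10} {', '.join(hosts)}")
```

Hosts in the `unknown` group need a manual check against the vendor's own release notes or a fresh inventory pull.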
### CISA Adds Vulnerabilities to KEV Catalog
The U.S. **Cybersecurity and Infrastructure Security Agency (CISA)** added both **Google** Chrome vulnerabilities to its Known Exploited Vulnerabilities (**KEV**) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by March 27, 2026.