If you’re a Chrome user, this is your reminder not to ignore available security updates. Google is pushing an emergency patch for a zero-day vulnerability that has been exploited in the wild, and a second zero-day has been identified and is expected to be fixed in a future update.
As a reminder, zero-days are security vulnerabilities that have been actively exploited or publicly disclosed before the developer releases an official fix. These latest Chrome bugs are the second and third zero-days addressed so far in 2026—Google patched the first back in February.
What this Google Chrome patch fixes
The vulnerability addressed with the current update is labeled as CVE-2026-3910 and is an inappropriate implementation in V8, Google’s JavaScript and WebAssembly engine. The flaw was reported by the Google Threat Analysis Group on March 10, though no additional details as to how it has been exploited have been released.
Google initially planned to patch a second zero-day, labeled CVE-2026-3909, with this update, an out-of-bounds write weakness in the 2D graphics library (Skia). When exploited, attackers could crash Chrome or execute code remotely. The fix for that vulnerability is now expected in a future update.
What do you think so far?
What Chrome users need to do
Google released a Stable Channel update on March 12, so you should ensure you are on the latest version of Chrome: 146.0.7680.75/76 for Windows/Mac and 146.0.7680.75 for Linux. It could take several days or even weeks to roll out to everyone, so install it as soon as you see the option. You can check your version via the Chrome menu > About Google Chrome.
If you regularly quit and restart your browser, the update will be applied automatically—or you can do it manually by tapping the three dots in the top-right corner of the browser window. You’ll need to restart Chrome to finalize the update.
