Google on Thursday released security updates for its Chrome web browser to address two high-severity vulnerabilities that it said have been exploited in the wild.
The list of vulnerabilities is as follows - CVE-2026-3909 (CVSS score: 8.8) - An out-of-bounds write vulnerability in the Skia 2D graphics library that allows a remote attacker to perform out-of-bounds memory access via a crafted HTML
The list of vulnerabilities is as follows -
Both vulnerabilities were discovered and reported by Google itself on March 10, 2026.
As is customary in these cases, no details are available about how the issues are being abused in the wild and who is behind the efforts.
This is done so as to prevent other threat actors from exploiting the issues.
"Google is aware that exploits for both CVE-2026-3909 and CVE-2026-3910 exist in the wild," the company noted .
The development comes less than a month after Google shipped fixes for a high-severity use-after-free bug in Chrome's CSS component ( CVE-2026-2441 , CVSS score: 8.8) that had also been exploited as a zero-day.