Update Chrome Immediately to Fix This Zero-Day Vulnerability.
If you use Chrome, we remind you to stay up-to-date with available security updates. Google is releasing an emergency update for a zero-day vulnerability that has already been exploited by attackers, and a second zero-day vulnerability has been discovered that is expected to be patched in a future update.
As a reminder, zero-day vulnerabilities are security vulnerabilities that were actively exploited or publicly disclosed before the developer released an official fix. These latest Chrome bugs are the second and third zero-day vulnerabilities patched in 2026 (Google patched the first one back in February).
What does this Google Chrome update fix?
The vulnerability fixed in the current update, designated CVE-2026-3910, is a flawed implementation in V8, Google’s JavaScript engine and WebAssembly. Google’s Threat Analysis Team reported the vulnerability on March 10, but no further details about how it was exploited were released.
Google originally planned to patch a second zero-day vulnerability, designated CVE-2026-3909, in this update—an out-of-bounds write vulnerability in the 2D graphics library (Skia). Attackers could exploit this vulnerability to crash Chrome or execute remote code. A fix for this vulnerability is expected in a future update.
What Chrome users need to do
On March 12, Google released an update to the Stable channel , so make sure you’re running the latest version of Chrome: 146.0.7680.75/76 for Windows/Mac and 146.0.7680.75 for Linux. It may take several days or even weeks for the update to reach all users, so install it as soon as the option appears. You can check your version via the Chrome menu > About Google Chrome .
If you regularly close and restart your browser, the update will be applied automatically—or you can do it manually by clicking the three dots in the upper-right corner of the browser window. You’ll need to restart Chrome to complete the update.