Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8

thehackernews.com · [email protected] (The Hacker News) · 12 hours ago · vulnerability

quality 3/10 · low quality

0 net

AI Summary

Google patched two high-severity zero-day vulnerabilities in Chrome (Skia and V8) that were actively exploited in the wild. CVE-2026-3909 is an out-of-bounds write in the Skia 2D graphics library triggered via crafted HTML.

Tags

zero-day out-of-bounds-write memory-safety skia v8 chrome remote-code-execution high-severity in-the-wild-exploitation

Entities

CVE-2026-3909 Google Chrome Skia V8

Google on Thursday released security updates for its Chrome web browser to address two high-severity vulnerabilities that it said have been exploited in the wild. The list of vulnerabilities is as follows - CVE-2026-3909 (CVSS score: 8.8) - An out-of-bounds write vulnerability in the Skia 2D graphics library that allows a remote attacker to perform out-of-bounds memory access via a crafted HTML

← Back to stories