Chrome emergency update: Two attacked code-injection vulnerabilities patched
Google released an emergency update for Chrome on Friday night. It patches two security vulnerabilities that were attacked on the internet.
(Image: heise online / dmk)
On Friday night, Google released an emergency update for the Chrome web browser. In it, the developers are closing two high-risk security vulnerabilities that are already being attacked on the internet.
In the version announcement, Google writes that a vulnerability in Chrome's Skia graphics library can access memory areas outside of the intended boundaries by rendering carefully prepared web pages, thus writing memory contents (CVE-2026-3909, no CVSS score, risk according to Google "high"). The second security vulnerability is in the V8 JavaScript engine and, due to an "inappropriate implementation," allows attackers to execute arbitrary code in a sandbox when displaying a manipulated web page (CVE-2026-3910, no CVSS score, risk according to Google "high").
"Google is aware that exploits for both CVE-2026-3909 and CVE-2026-3910 exist in the wild," the developers add. However, they remain silent about the nature and extent of the attacks. They do not list any further security vulnerabilities that the updated version would address. Users of Chrome should ensure that their web browser is up to date immediately.
Chrome: Error-corrected versions
Versions Chrome 146.0.7680.115 for Android, 146.0.7680.75 for Linux, and 146.0.7680.75/76 for macOS and Windows close the security vulnerabilities already attacked on the internet. On Android, Google's Play Store often delivers the update – with a significant delay; the update cannot be forced here if the new version is not yet offered. On Linux, Chrome users usually have to start their distribution's software manager and search for updates. In Windows, the version dialog shows the currently running software version and offers to install the update if available. It opens after clicking the icon with the three stacked dots to the right of the address bar, then navigate to "Help" – "About Google Chrome".
Videos by heise
Just on Thursday night of this week, it became known that the scheduled Chrome update from Wednesday had patched a total of 29 security vulnerabilities for the 146 development branch. One of them was even considered a critical threat.
(dmk)
