Tech giant Google has issued an urgent security warning for nearly 3.5 billion users of its web browser Google Chrome after confirming that hackers are actively exploiting two zero-day vulnerabilities.
The emergency update follows a week in which Chrome received two previous critical patches. The new release addresses CVE–2026–3909 and CVE–2026–3910, vulnerabilities described by experts as extremely severe and capable of compromising core browser functions. Google confirmed that attacks are already underway, making immediate action essential.
Zero-day vulnerabilities are security flaws exploited by hackers before a company even knows they exist. To prevent further exploitation, Google has withheld full technical details, releasing them only after most users have updated their browsers. These flaws impact core Chrome components and could allow attackers to execute serious cyber intrusions.
In an unusual move, the vulnerabilities were discovered by Google’s in-house security team, Project Zero, established in 2014. The team researches mobile operating systems, web browsers, and popular open-source libraries to uncover critical flaws, strengthen long-term security, and patch serious vulnerabilities.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged all organizations and users to update Chrome immediately, emphasizing the risks of delaying the patch. Experts warn that since Chrome is the world’s most widely used browser, users who do not update may fall victim to potentially devastating cyberattacks.
Also read: Google Pixel Update: Troubles After Latest Google Update
