Security17.03.2026

Google Chrome has security flaws that are being actively exploited

Google has issued a critical patch for previously unknown bugs in Chrome that could allow threat actors to remotely install malware and take control of your web browser.

The search giant urged users not to delay downloading and installing an emergency update pushed out this week.

Last week, the Google Threat Analysis Group discovered a pair of bugs that affect important components of the Chrome web browser and ChromeOS.

Google Chrome is the most used browser in South Africa, cornering more than 75% all web traffic in the country, according to data from Statcounter GlobalStats.

In comparison, Apple’s Safari comes in at second place with just under 10% of the market share locally, thanks to the popularity of the iPhone.

The two actively-exploited vulnerabilities in Chrome and ChromeOS are tracked as CVE-2026-3909 and CVE-2026-3910.

Google indicated that these are high-priority vulnerabilities. No further specific technical details have been revealed.

Google will often withhold specific details about ongoing high-priority vulnerabilities until most users have updated their browsers. 

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” the company stated.

“We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed.”

The company did say, however, that CVE-2026-3909 is an out-of-bounds write flow in Skia, Chrome’s graphics rendering engine.

Skia is Chrome’s 2D graphics library, responsible for rendering what users see in the browser, including images, icons, buttons, and text on webpages.

It is an essential component of the Chrome app and ChromeOS, without which users would not receive any visual data from the browser.

The flaw means that Skia sometimes writes visual data outside its allocated memory. Attackers can abuse memory bugs like this to overload and crash applications or even run their own code remotely.

The second bug found by Google analysts, CVE-2026-3910, affects the V8 JavaScript and WebAssembly engines and is described as an “inappropriate implementation” issue.

These components are responsible for executing scripts within Chrome and can be exploited by threat actors to launch malicious scripts when a user visits a compromised website.

A user would simply have to click a link, and threat actors could secretly run a script on their browser, without users having to download a file. This is a popular delivery method for ransomware attacks. 

This vulnerability is particularly urgent, as Google said it was actively being exploited in the wild, and users running outdated browsers can be affected.

Google released Chrome 146.0.7680.80 for Windows and Mac and 146.0.7680.80 for Linux last Friday, which is set to roll out worldwide in the coming days.

How to manually protect Chrome against the latest vulnerability

For most users, Chrome will automatically apply the update to secure their browsers. Users can also trigger the update manually through Chrome’s settings menu.

As of Monday, Google says updates have begun rolling out for ChromeOS devices, Chrome desktop, and Android that include fixes for both vulnerabilities.

To manually install the update, users should click on the three vertical dots (kebab) menu in the browser’s top-right corner, click “Help,” then “About Google Chrome.”

If the update is available in the user’s region, the browser will automatically scan for a new version and begin downloading it if available. 

Once the download is complete, relaunching Chrome will finalise the update. On mobile, which represents the vast majority of users in South Africa, this process is even simpler.

Android users should open the Google Play Store app, tap their profile icon, which contains their profile image, select “Manage apps & device,” and find the Chrome app under “Updates available.”

If an update for Chrome is available, selecting “Update” will begin the process. iOS users can also update Chrome via the App Store and by tapping their profile icon, then selecting “Update.”

Show comments

Latest news

More news

Trending news

Poll

Which grocery store has the best loyalty programme?

View Results

Loading ... Loading ...
Sign up to the MyBroadband newsletter