The security vulnerabilities were CVE-2026-3909 and CVE-2026-3910 and impacted key components of the internal mechanisms of the browser. One of these affects the V8 engine of the browser that runs JavaScript on the websites, and the other is Skia, which is the graphics library that renders web pages.

According to cybersecurity researchers, attackers could take advantage of these vulnerabilities, as they can use memory within the browser. In some scenarios, it might cause crashes of the browsers, expose data, or even run malicious code in the event that a computer user accesses a specially designed site.

Google acknowledged that active attacks were already noted to have been exploiting the vulnerabilities, that is, hackers were trying to use the vulnerabilities before security patches were publicly accessible. Such vulnerabilities have the potential to impact millions of devices if they are not patched, since Chrome is among the most popular browsers in the world.

To solve the threat, Google released new versions of Chrome on various operating systems such as Windows, macOS, and Linux. It is recommended that users upgrade their browsers to the most recent version so that their vulnerabilities can be fixed.

The update is being made available using the automatic update mechanism of Chrome; however, users can also perform manual checking of updates using the settings menu of the browser.

It is a common point made by security experts to install browser updates as soon as possible. Online banking, emails, and business communication are some of the sensitive activities that are done using browsers and can thus become an easy point of a cyberattack.

Maintenance of the browsers and other software is important to seal the security loopholes before the attackers can use them to attack more people on a greater scale.