Google has rolled out updated versions of Chrome 146, specifically 146.0.7680.75 and 146.0.7680.76 for Windows and macOS users, along with 146.0.7680.75 for Linux, to resolve two critical security issues. The company reports that these flaws are currently under active exploitation by attackers. This patch arrives just one day following the previous release of Chrome 146.0.7680.71 and 146.0.7680.72 for Windows and macOS, and 146.0.7680.71 for Linux, which addressed a total of 29 security problems.
In a recent entry on the Chrome Releases blog, Srinivas Sista details the two newly patched vulnerabilities, both identified by Google's internal team on February 10 and rated as high severity.
Chrome typically handles updates automatically upon availability, but users can initiate the process manually by navigating to Help > About Google Chrome in the menu.
The first zero-day flaw, CVE-2026-3909, is in the Skia graphics library. It is an out-of-bounds write, meaning it allows writing to memory locations beyond the limits of an allocated buffer.
The other zero-day issue, CVE-2026-3910, resides in the V8 JavaScript engine and involves a flawed implementation, though specifics on the error and its implications remain undisclosed.
Google has provided no further information regarding the characteristics or extent of the attacks leveraging these weaknesses.
To maintain system security and privacy, it's essential to ensure your browser stays current, supplemented by reliable antivirus solutions.
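For administrators who want to check more than one machine, the following sketch sorts reported Chrome version strings by the build numbers named in this article. It is an added example, not code from Google or PC-WELT; the inventory format, host names and the 145.x build in the sample are constructed for illustration.

```python
import re

# Build numbers taken from the article.
ZERO_DAY_FIX = (146, 0, 7680, 75)  # fixes CVE-2026-3909 and CVE-2026-3910
BASE_146_FIX = (146, 0, 7680, 71)  # first Chrome 146 release, 29 fixes

# Exactly four dot-separated numbers, not part of a longer dotted string.
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")

def parse_version(text):
    """Return the version as a tuple of ints, or None if none is found."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(text):
    """Compare numerically; as plain strings, '.100' would sort below '.75'."""
    v = parse_version(text)
    if v is None:
        return "unknown"
    if v >= ZERO_DAY_FIX:
        return "patched"
    if v >= BASE_146_FIX:
        return "missing-zero-day-fixes"
    return "missing-146-and-zero-day-fixes"

# Constructed sample inventory: host, version string as reported by the client.
SAMPLE_INVENTORY = """\
ws-001,Google Chrome 146.0.7680.76
ws-002,Google Chrome 146.0.7680.72
lx-003,Google Chrome 146.0.7680.75
mac-004,Google Chrome 145.0.7632.160
ws-005,version not reported
"""

def audit(inventory):
    """Map each host to its patch status."""
    results = {}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, _, reported = line.partition(",")
        results[host.strip()] = classify(reported)
    return results

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" should be checked by hand rather than assumed to be current.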
Only two days prior, on March 10, Google released the main Chrome 146 update, detailed in a Chrome Releases blog post, which fixed 29 security vulnerabilities, the majority of them discovered by outside researchers.
Among these, CVE-2026-3913 stands out as a critical vulnerability due to a buffer overflow in the WebML component. Researcher Tobias Wienand received a $33,000 bounty for identifying it, and an extra $43,000 for CVE-2026-3915, a high-severity buffer overflow in the same component.
Of the fixes, eleven vulnerabilities were deemed high risk, with eleven more at medium risk. Google has distributed more than $200,000 in rewards to the discoverers so far, with some payouts still under review.
This piece was first published on our affiliated site PC-WELT and adapted from its original German version.
Frank Ziemann, a freelance contributor to PC-WELT since 2005, specializes in coverage of IT security topics like malware, antivirus tools, and vulnerabilities, as well as internet technologies.