嗯,用户让我用中文总结一下这篇文章的内容,控制在一百个字以内,而且不需要用“文章内容总结”之类的开头,直接写描述。首先,我需要仔细阅读这篇文章,抓住关键点。 文章主要讲的是Google发布了紧急安全更新,修复了Chrome浏览器的两个高危漏洞。这两个漏洞被用于零日攻击。第一个漏洞CVE-2026-3909是Skia图形库中的越界写入问题,可能导致浏览器崩溃或代码执行。第二个漏洞CVE-2026-3910是V8引擎中的实现问题。 Google在两天内修复了这些漏洞,并发布了新版本给桌面稳定渠道的用户。虽然更新可能需要几天或几周才能覆盖所有用户,但BleepingComputer检查时已经可以立即更新。此外,Google提到已经有证据显示这些漏洞被利用,但没有透露更多细节。 总结下来,重点包括:紧急更新、两个高危零日漏洞、修复时间、影响范围以及潜在的攻击活动。我需要用简洁的语言把这些信息浓缩到100字以内。 可能会这样组织:Google修复了Chrome的两个高危零日漏洞,涉及Skia和V8引擎的问题,并迅速发布更新以应对潜在攻击。 检查一下字数和是否涵盖了所有关键点:Google修复了Chrome的两个高危零日漏洞(CVE-2026-3909和CVE-2026-3910),分别涉及Skia图形库和V8引擎的问题,并迅速发布新版本以应对潜在攻击。 这样应该符合要求了。 </think> Google修复了Chrome浏览器中的两个高危零日漏洞(CVE-2026-3909和CVE-2026-3910),分别涉及Skia图形库和V8引擎的问题,并迅速发布新版本以应对潜在攻击。 2026-3-13 07:0:35 Author: www.bleepingcomputer.com(查看原文) 阅读量:12 收藏
Google has released emergency security updates to patch two high-severity Chrome vulnerabilities exploited in zero-day attacks.
"Google is aware that exploits for both CVE-2026-3909 & CVE-2026-3910 exist in the wild," Google said in a security advisory published on Thursday.
The first zero-day (CVE-2026-3909) stems from an out-of-bounds write weakness in Skia, an open-source 2D graphics library responsible for rendering web content and user interface elements, which attackers can exploit to crash the web browser or even gain code execution.
The second one (CVE-2026-3910) is described as an inappropriate implementation vulnerability in the V8 JavaScript and WebAssembly engine.
Google discovered both security flaws and patched them within two days of reporting for users in the Stable Desktop channel, with new versions rolling out to Windows (146.0.7680.75), macOS (146.0.7680.76), and Linux systems (146.0.7680.75).
While Google says the out-of-band update could take days or weeks to reach all users, it was immediately available when BleepingComputer checked for updates earlier today.
If you don't want to update your web browser manually, you can also have it check for updates automatically and install them at the next launch.
Although Google found evidence that attackers are exploiting this zero-day flaw in the wild, the company didn't share further details regarding these incidents.
"Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed," it noted.
These are the second and third actively exploited Chrome zero-days patched since the start of 2026. The first, tracked as CVE-2026-2441 and described as an iterator invalidation bug in CSSFontFeatureValuesMap (Chrome's implementation of CSS font feature values), was addressed in mid-February.
Last year, Google fixed a total of eight zero-days exploited in the wild, many of which were reported by Google's Threat Analysis Group (TAG), a group of security researchers known for tracking and identifying zero-days exploited in spyware attacks.
On Thursday, Google also revealed that it has paid over $17 million to 747 security researchers who reported security flaws through its Vulnerability Reward Program (VRP) in 2025.
Red Report 2026: Why Ransomware Encryption Dropped 38%
Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.
Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.
如有侵权请联系:admin#unsafe.sh