嗯,用户让我帮忙总结一下这篇文章的内容,控制在一百个字以内,而且不需要用“文章内容总结”或者“这篇文章”这样的开头。好的,我先看看文章讲了什么。 文章主要讲的是Google修复了Chrome浏览器中的两个被积极利用的漏洞。这两个漏洞都是高危的,编号是CVE-2026-3909和CVE-2026-3910,CVSS评分都是8.8分。一个漏洞是在Skia图形库中的越界写入,另一个是在V8引擎中的实现问题,允许远程攻击者执行任意代码。 Google是在2026年3月10日发现这两个漏洞的,并且已经发布了安全更新,版本号分别是146.0.7680.75/76(Windows和Mac)和146.0.7680.75(Linux)。更新会在接下来几天到几周内推送。 另外,文章还提到在二月中旬Google修复了另一个零日漏洞CVE-2026-2441,这也是高危的。这是2026年修复的第一个被积极利用的Chrome零日漏洞。 好的,现在要总结这些内容到100字以内。需要包括Google修复了两个高危漏洞,编号和CVSS评分,漏洞类型以及更新版本。可能还要提到这是继去年之后的修复情况。 所以大致结构应该是:Google修复了Chrome中的两个高危漏洞(CVE编号),评分8.8分,分别涉及Skia和V8引擎的问题,并已发布更新至特定版本。 再检查一下字数是否合适。 </think> Google修复了Chrome浏览器中两个被积极利用的高危漏洞(CVE-2026-3909和CVE-2026-3910),评分均为8.8分。前者为Skia图形库中的越界写入问题,后者为V8引擎实现缺陷。已发布更新至版本146.0.7680.75/76(Windows/Mac)和146.0.7680.75(Linux)。 2026-3-13 10:30:33 Author: securityaffairs.com(查看原文) 阅读量:11 收藏
Google fixed two new actively exploited flaws in the Chrome browser
Google addressed two high-severity vulnerabilities in the Chrome browser that have been exploited in attacks in the wild.
Google has released security updates to address two high-severity vulnerabilities, tracked as CVE-2026-3909 and CVE-2026-3910, in the Chrome browser. The company is aware of attacks in the wild exploiting both flaws.
“Google is aware that exploits for both CVE-2026-3909 & CVE-2026-3910 exist in the wild.” reads the advisory published by the tech giant.
Google experts discovered both vulnerabilities on March 10, 2026. As usual, the company did not disclose details about the attacks exploiting these flaws or the threat actors involved.
Below are the descriptions for these vulnerabilities:
- CVE-2026-3909 (CVSS score: 8.8) – Out-of-bounds write in the Skia 2D graphics library that lets a remote attacker trigger memory corruption by tricking a user into opening a specially crafted HTML page.
- CVE-2026-3910 (CVSS score: 8.8) – Flaw in the implementation of the V8 JavaScript/WebAssembly engine that lets a remote attacker run arbitrary code within the browser sandbox using a maliciously crafted HTML page.
The company informed users that the Stable channel has been updated to version 146.0.7680.75/76 for Windows and Mac, and 146.0.7680.75 for Linux. The update will roll out over the coming days and weeks. A full list of changes in this build is available in the log.
In mid-February, Google released urgent security updates to address another high-severity zero-day vulnerability, tracked as CVE-2026-2441 (CVSS score of 8.8), in Chrome that is already being exploited in real-world attacks. The flaw is a use-after-free bug in the browser’s CSS component.
It was the first actively exploited Chrome zero-day fixed in 2026, after eight similar flaws were patched in 2025. An attacker could exploit the flaw to compromise affected systems. The issue was discovered and responsibly reported by security researcher Shaheen Fazim on February 11, 2026.
Google has confirmed that an exploit for CVE-2026-2441 exists in the wild, but has not shared details about how it is being used or which threat actor is behind the exploitation of the flaw.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Chrome)
如有侵权请联系:admin#unsafe.sh