Google Patches Two Chrome Zero‑Days Actively Exploited in Enterprise Attacks

Google rolled out emergency updates for Chrome addressing two critical zero‑day flaws (CVE‑2026‑XXXXX and CVE‑2026‑YYYYY) that were being leveraged in targeted campaigns against corporate users. Both vulnerabilities allow an attacker to achieve arbitrary code execution by luring a victim to a malicious web page, effectively bypassing Chrome’s sandbox isolation mechanisms.

The exploits have been observed in the wild, with threat actors using spear‑phishing emails and compromised sites to deliver the payload. For defenders, the risk is immediate compromise of endpoint integrity and potential lateral movement within the network. Organizations should prioritize deploying the patches across all managed Chrome installations, enforce strict web‑filtering policies to block known malicious URLs, and monitor for anomalous process creation or sandbox‑escape behavior tied to Chrome. Delaying remediation could result in full system takeover and data exfiltration.

Categories: Vulnerabilities & Exploits, Threat Intelligence

Source: Read original article