Google Patches Actively Exploited Chrome Zero-Day

Google has released an emergency security update for Chrome to address a zero-day vulnerability that's being actively exploited in the wild. The flaw is being used in targeted attacks against journalists and human rights activists.

Vulnerability Overview

CVE: CVE-2026-0412
CVSS Score: 8.8 (High)
Component: V8 JavaScript engine
Type: Type confusion vulnerability

Active Exploitation

Google's Threat Analysis Group (TAG) discovered the vulnerability being exploited by a sophisticated threat actor:

Targets include journalists in multiple countries
Attacks delivered via spear-phishing emails
Exploitation leads to full browser compromise
Evidence suggests nation-state involvement

Technical Details

The vulnerability exists in Chrome's V8 JavaScript engine:

Type: Type Confusion in V8
Impact: Remote Code Execution
Prerequisite: Visit malicious website
User Interaction: None beyond page visit

Affected Versions

Platform	Affected	Fixed Version
Windows	< 122.0.6261.95	122.0.6261.95
macOS	< 122.0.6261.95	122.0.6261.95
Linux	< 122.0.6261.95	122.0.6261.95

Update Instructions

Chrome should update automatically, but to verify:

Open Chrome menu (three dots)
Help > About Google Chrome
Chrome will check for updates
Restart browser to complete update

Chromium-Based Browsers

Other browsers using Chromium are also affected:

Microsoft Edge - Update expected shortly
Brave - Patch in progress
Opera - Update pending
Vivaldi - Working on fix

This Year's Zero-Days

This is the fourth Chrome zero-day patched in 2026:

CVE	Date	Type
CVE-2026-0089	Jan 5	WebRTC
CVE-2026-0156	Jan 12	V8
CVE-2026-0287	Jan 19	Skia
CVE-2026-0412	Jan 24	V8

Recommendations

Immediate: Update Chrome to latest version
Enable auto-updates: Ensure Chrome updates automatically
Consider Site Isolation: Already default but verify enabled
High-risk users: Consider Chrome's Enhanced Safe Browsing

Google's Statement

"We are aware of reports that an exploit for CVE-2026-0412 exists in the wild. We thank the researchers who reported this issue and are committed to protecting our users."

Sources: Google Security Blog, The Hacker News, BleepingComputer

Google Patches Actively Exploited Chrome Zero-Day

Vulnerability Overview

CVE: CVE-2026-0412
CVSS Score: 8.8 (High)
Component: V8 JavaScript engine
Type: Type confusion vulnerability

Active Exploitation

Google's Threat Analysis Group (TAG) discovered the vulnerability being exploited by a sophisticated threat actor:

Targets include journalists in multiple countries
Attacks delivered via spear-phishing emails
Exploitation leads to full browser compromise
Evidence suggests nation-state involvement

Technical Details

The vulnerability exists in Chrome's V8 JavaScript engine:

Type: Type Confusion in V8
Impact: Remote Code Execution
Prerequisite: Visit malicious website
User Interaction: None beyond page visit

Affected Versions

Platform	Affected	Fixed Version
Windows	< 122.0.6261.95	122.0.6261.95
macOS	< 122.0.6261.95	122.0.6261.95
Linux	< 122.0.6261.95	122.0.6261.95

Update Instructions

Chrome should update automatically, but to verify:

Open Chrome menu (three dots)
Help > About Google Chrome
Chrome will check for updates
Restart browser to complete update

Chromium-Based Browsers

Other browsers using Chromium are also affected:

Microsoft Edge - Update expected shortly
Brave - Patch in progress
Opera - Update pending
Vivaldi - Working on fix

This Year's Zero-Days

This is the fourth Chrome zero-day patched in 2026:

CVE	Date	Type
CVE-2026-0089	Jan 5	WebRTC
CVE-2026-0156	Jan 12	V8
CVE-2026-0287	Jan 19	Skia
CVE-2026-0412	Jan 24	V8

Recommendations

Immediate: Update Chrome to latest version
Enable auto-updates: Ensure Chrome updates automatically
Consider Site Isolation: Already default but verify enabled
High-risk users: Consider Chrome's Enhanced Safe Browsing

Google's Statement

"We are aware of reports that an exploit for CVE-2026-0412 exists in the wild. We thank the researchers who reported this issue and are committed to protecting our users."

Sources: Google Security Blog, The Hacker News, BleepingComputer

Google Patches Actively Exploited Chrome Zero-Day

Google Patches Actively Exploited Chrome Zero-Day

Vulnerability Overview

Active Exploitation

Technical Details

Affected Versions

Update Instructions

Chromium-Based Browsers

This Year's Zero-Days

Recommendations

Google's Statement

Interlock Ransomware Exploited Cisco FMC Zero-Day for 36 Days Before Disclosure

Critical Langflow RCE Flaw Exploited Within 20 Hours of Disclosure

Interlock Ransomware Has Been Exploiting Cisco FMC Zero-Day CVE-2026-20131 Since January

Google Patches Actively Exploited Chrome Zero-Day

Google Patches Actively Exploited Chrome Zero-Day

Vulnerability Overview

Active Exploitation

Technical Details

Affected Versions

Update Instructions

Chromium-Based Browsers

This Year's Zero-Days

Recommendations

Google's Statement

Interlock Ransomware Exploited Cisco FMC Zero-Day for 36 Days Before Disclosure

Critical Langflow RCE Flaw Exploited Within 20 Hours of Disclosure

Interlock Ransomware Has Been Exploiting Cisco FMC Zero-Day CVE-2026-20131 Since January

Google Patches Actively Exploited Chrome Zero-Day

Vulnerability Overview

Active Exploitation

Technical Details

Affected Versions

Update Instructions

Chromium-Based Browsers

This Year's Zero-Days

Recommendations

Google's Statement

Related Reading

Google Patches Actively Exploited Chrome Zero-Day

Vulnerability Overview

Active Exploitation

Technical Details

Affected Versions

Update Instructions

Chromium-Based Browsers

This Year's Zero-Days

Recommendations

Google's Statement

Related Reading