Chrome 146 Zero-Days: The Skia and V8 Attack Surface
Chrome 146 patched two critical zero-days in Skia and V8, raising concerns about browser security.
In 2026, Chrome 146 received an emergency update addressing two zero-days: an out-of-bounds write in Skia and a type confusion bug in V8's JIT compiler. Both vulnerabilities, discovered by Google's Threat Analysis Group, pose significant risks by allowing attackers to potentially execute arbitrary code. The persistence of such vulnerabilities in browser engines emphasizes ongoing challenges in securing high-performance software. Organizations must adapt their security measures to mitigate these risks effectively.