Photo by Google on Wikimedia Commons
Google has rushed out an emergency security update for its Chrome browser to address a critical zero-day vulnerability (tracked as CVE-2026-4555) that the company confirms is currently being actively exploited by attackers.
The flaw is described as a high-severity type confusion bug in the V8 JavaScript engine. This type of vulnerability typically allows attackers to execute arbitrary code on the victim’s machine simply by tricking them into visiting a maliciously crafted web page.
Google acknowledged the ongoing exploitation but, as is standard practice, has withheld technical details or indicators of compromise (IoCs) until a significant portion of the user base has had time to apply the patch. This helps prevent other threat actors from reverse-engineering the fix and launching their own attacks before users are protected.
How to check if you’re affected
You are vulnerable if you are running a version of Google Chrome prior to:
- 124.0.6367.91/.92 for Windows and Mac
- 124.0.6367.91 for Linux
To check your current version and force an immediate update:
- Open Google Chrome.
- Click the three vertical dots in the top-right corner.
- Select Help > About Google Chrome.
- The browser will automatically check for new updates and install them.
- You must restart the browser for the update to take effect.
Users of other Chromium-based browsers (such as Microsoft Edge, Brave, Vivaldi, and Opera) should also watch for updates in the coming days, as they rely on the same core engine and are likely affected by the same vulnerability.