Google Patches Fourth Chrome Zero-Day Exploited in the Wild in 2026

Google has released an emergency update for Chrome to fix a fourth zero-day vulnerability exploited in active attacks so far in 2026, BleepingComputer reported Wednesday, continuing an unusually heavy pace of in-the-wild Chrome exploits this year. Zero-day vulnerabilities are security flaws that are unknown to the vendor and actively exploited by attackers before a patch is available. Four in a single calendar year by early April signals sustained attacker interest in Chrome as an attack surface, reflecting the browser's near-ubiquitous deployment across both consumer and enterprise environments. Chrome is the most widely used browser globally, and vulnerabilities in it are frequently targeted by nation-state actors and financially motivated criminals alike. Browser-based exploits can enable attackers to execute malicious code on a victim's machine with minimal user interaction, often requiring only that a target visit a compromised website. Google did not publicly attribute the exploitation of this specific vulnerability to a particular threat actor. The company has credited external researchers for reporting the flaw and stated that it is aware of an exploit in the wild, which is the standard disclosure language used when active exploitation has been observed. Users running Chrome on desktop platforms are urged to update immediately. Chrome typically applies updates automatically when the browser is restarted, but users can manually trigger an update through the browser's Help menu. BleepingComputer reported the patch and the exploitation details on April 1, 2026.