Live Threats
[STRUTS]Apache Struts zero-day (CVE-2026-3101) under mass exploitation — ransomware groups deploying web shells on Java web apps. Patch immediately.|
[LAZARUS]North Korean Lazarus Group targets SMB defense contractors via fake LinkedIn recruiter profiles delivering trojanized job documents.|
[DEEPFAKE]Deepfake CEO video call fraud stole $3.2M in a single transaction. AI voice and face synthesis now indistinguishable — targeting US SMBs.|
[CHROME]CVE-2026-2356 Chrome zero-day actively exploited to deliver spyware. Update to 136.0.7103.92 immediately on all devices.|
[HIPAA]HHS finalized major HIPAA Security Rule updates — mandatory encryption at rest, MFA, and annual pen testing effective December 31, 2026.|
[CISA KEV]CISA added 15 new KEV entries this week — six are priority patches for internet-facing systems including Struts, Chrome, Cisco, Fortinet, Ivanti, and VMware.|
[STRUTS]Apache Struts zero-day (CVE-2026-3101) under mass exploitation — ransomware groups deploying web shells on Java web apps. Patch immediately.|
[LAZARUS]North Korean Lazarus Group targets SMB defense contractors via fake LinkedIn recruiter profiles delivering trojanized job documents.|
[DEEPFAKE]Deepfake CEO video call fraud stole $3.2M in a single transaction. AI voice and face synthesis now indistinguishable — targeting US SMBs.|
[CHROME]CVE-2026-2356 Chrome zero-day actively exploited to deliver spyware. Update to 136.0.7103.92 immediately on all devices.|
[HIPAA]HHS finalized major HIPAA Security Rule updates — mandatory encryption at rest, MFA, and annual pen testing effective December 31, 2026.|
[CISA KEV]CISA added 15 new KEV entries this week — six are priority patches for internet-facing systems including Struts, Chrome, Cisco, Fortinet, Ivanti, and VMware.|
View All
Google Chrome Emergency Patch: CVE-2026-1891 Zero-Day Used in Targeted Attacks
Security News/Issue #15 — March 31 – April 6, 2026
PATCH UPDATECRITICALCVE-2026-1891

Google Chrome Emergency Patch: CVE-2026-1891 Zero-Day Used in Targeted Attacks

Published April 3, 2026
3 min read
Source: Google Project Zero / Chrome Security
SHARE:
Affected Systems
Google Chrome (all versions prior to 134.0.6998.177)Microsoft Edge (Chromium-based)Brave BrowserOther Chromium-based browsers
Executive Summary

Google released an emergency update for Chrome addressing CVE-2026-1891, a type confusion vulnerability in the V8 JavaScript engine being actively exploited in targeted attacks. Update to version 134.0.6998.177 or later immediately.

Vulnerability Details

Google released an emergency security update for Chrome on April 1, 2026, addressing CVE-2026-1891, a type confusion vulnerability in Chrome's V8 JavaScript engine. Type confusion vulnerabilities occur when code accesses a resource using an incompatible type, which can lead to memory corruption and ultimately arbitrary code execution. This vulnerability is being actively exploited in targeted attacks — Google's Threat Analysis Group (TAG) confirmed exploitation before the patch was released. The vulnerability affects Chrome on Windows, macOS, and Linux.

Who Is Being Targeted

Google's Threat Analysis Group reported that CVE-2026-1891 is being exploited in targeted attacks, suggesting the initial exploitation was focused on high-value targets rather than broad opportunistic attacks. However, once a zero-day is publicly disclosed and patched, exploit code typically becomes widely available within days, enabling less sophisticated attackers to use it in broader campaigns. Organizations should treat this as an urgent update regardless of whether they believe they are a targeted organization.

How to Update

To update Chrome manually, click the three-dot menu in the upper right corner, go to Help > About Google Chrome. Chrome will automatically check for and download the latest update. After the download completes, click "Relaunch" to restart Chrome and apply the update. To verify you have the correct version, the About Chrome page should show version 134.0.6998.177 or later. For organizations managing multiple endpoints, deploy the update through your RMM tool or software deployment system. Microsoft Edge and other Chromium-based browsers will receive similar updates — check for updates in those browsers as well.

Key Takeaways & Action Items
  • Update Chrome to version 134.0.6998.177 or later immediately
  • Enable automatic updates in Chrome settings to prevent future delays
  • Other Chromium-based browsers (Edge, Brave) will also need updates — check for updates in those browsers too
  • Restart Chrome after updating to ensure the update takes effect
  • Deploy the update via your RMM tool if managing multiple endpoints
Share This
LinkedInX / TwitterEmail

Need Help With This Threat?

Our San Antonio security team can assess your exposure, apply patches, and protect your business before attackers strike.

Schedule a Security ReviewCall (210) 496-7313

Stay ahead of the next threat

Get weekly security alerts — breaches, patch updates, compliance news, and threat intel — delivered free to your inbox every week.

Breach alerts
Patch roundups
Compliance news
No spam, ever
Back to Issue #15: March 31 – April 6, 2026
PREVIOUS ARTICLE
NSA & CISA Release Top 10 Cybersecurity Misconfigurations Found in SMB Environments
NEXT ARTICLE
CMMC 2.0 Level 2 Assessments Now Required for DoD Contractors
Talk with Us