Chrome 147 & Adobe Reader Zero-Days: Browser Security Update

Adobe Reader Zero-Day Exploited via Malicious PDFs

• A zero-day vulnerability in Adobe Reader has been actively exploited since December 2025, leveraging malicious PDF documents.
• The exploitation campaigns primarily involve spear-phishing attacks to deliver the specially crafted PDFs to targets, leading to arbitrary code execution.
• This critical flaw allows attackers to achieve arbitrary code execution on compromised systems, posing a significant security risk to users.

Source: The Hacker News | Date: April 8, 2026

Microsoft's AI Integration Sparks User Choice Concerns for Browsers

• Mozilla has raised concerns about Microsoft's integration of Copilot AI into Windows, arguing it limits user choice and defaults to Edge for AI-related functions.
• The blog post criticizes Microsoft's practices for undermining open web principles and potentially forcing users into specific browser ecosystems.
• Mozilla advocates for transparent user control over browser defaults and AI feature integration to maintain a competitive and user-centric web environment.

Source: Mozilla Blog | Date: April 10, 2026

Mozilla Open-Sources 0DIN AI Security Scanner

• Mozilla has open-sourced 0DIN, an AI security scanner designed to identify vulnerabilities within artificial intelligence systems.
• The initiative aims to share hard-earned knowledge and best practices in AI security with the wider developer community.
• 0DIN's release supports the development of more secure AI-powered applications and web services, bolstering overall digital defense.

Source: Mozilla Blog | Date: April 10, 2026

Critical Chrome Vulnerabilities Patched for Arbitrary Code Execution

• Google has released security updates for Chrome addressing multiple critical vulnerabilities, including remote code execution (RCE) flaws.
• These patched vulnerabilities could allow attackers to execute arbitrary code within the context of the browser, compromising user systems.
• Users are strongly advised to update their Chrome browsers to the latest version immediately to protect against these severe security risks.

Source: CybersecurityNews | Date: April 8, 2026

Chrome 147 Patches Critical WebML and V8 Memory Flaws

• Google Chrome version 147 includes significant security updates, specifically addressing critical memory corruption vulnerabilities in its WebML and V8 JavaScript engine components.
• An $86,000 bug bounty was awarded for a use-after-free vulnerability in WebML, highlighting the severity and potential exploitability of the flaw.
• These patches are crucial for preventing remote code execution attacks and safeguarding browser integrity, prompting users to update promptly.

Source: SecurityOnline.info | Date: April 8, 2026

Active Adobe Reader Zero-Day Discovered via Malicious PDF

• Security researchers have identified an active zero-day vulnerability in Adobe Reader being exploited in the wild through carefully crafted malicious PDF documents.
• The exploitation campaign has been ongoing since December 2025, often delivered as attachments in targeted spear-phishing emails.
• This critical flaw enables attackers to gain control over affected systems, underscoring the urgency for users to apply available security updates.

Source: Security Affairs | Date: April 8, 2026

References

1. Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025 - The Hacker News
2. Old habits die hard: Microsoft tries to limit our options, this time with AI - Mozilla Blog
3. 0DIN is open-sourcing AI security and the hard-earned knowledge behind it - Mozilla Blog
4. Critical Chrome Vulnerabilities Let Attackers to Execute Arbitrary Code - CybersecurityNews
5. The $86,000 Patch: Chrome 147 Crushes “Critical” WebML Memory Flaws - SecurityOnline.info
6. Malicious PDF reveals active Adobe Reader zero-day in the wild - Security Affairs