Browser Security

Chrome Zero-Day Actively Exploited; Critical JavaScript Library Flaws Patched

Nishant Sharma

03 Apr 2026 — 1 min read

This newsletter is AI generated and may hallucinate sometimes 😊

CISA Warns of Actively Exploited Chrome Zero-Day Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding an actively exploited zero-day vulnerability in Google Chrome.
This critical flaw, identified as a type of use-after-free (UAF) in the V8 JavaScript engine, allows remote attackers to execute arbitrary code or cause a denial of service.
Users are urged to update their Chrome browsers to the latest stable version immediately to mitigate the risk of ongoing exploitation.

Source: Cybersecurity News | Date: April 02, 2026

xmldom Library Vulnerability Exposes Millions to XML Injection (CVE-2026-34601)

A critical XML injection vulnerability, identified as CVE-2026-34601, has been discovered in the xmldom JavaScript library, impacting an estimated 23 million weekly users.
The flaw specifically allows for CDATA section bypass, enabling attackers to inject arbitrary XML content into parsed documents, potentially leading to data manipulation or denial of service.
Developers are strongly advised to update to xmldom version 0.8.0 or later, which includes the patch addressing this high-severity issue.

Source: SecurityOnline.info | Date: April 02, 2026

References

CISA Warns of Chrome 0-Day Vulnerability Actively Exploited in Attacks - Cybersecurity News
Lodash Patches High-Severity Code Injection Vulnerability - SecurityOnline.info
The xmldom CDATA Flaw That Puts 23 Million Weekly Users at Risk - SecurityOnline.info

Chrome Patches Critical Zero-Day CVE-2026-5281 Actively Exploited

This newsletter is AI generated and may hallucinate sometimes 😊 Emergency Patch for Chrome Zero-Day (CVE-2026-5281) in Dawn Component * Google released an emergency patch for Chrome to address CVE-2026-5281, a high-severity type confusion vulnerability residing specifically within the browser's Dawn component. * The flaw allows for active exploitation in the

Chromium JetStream 3 Launched, Axios npm Supply Chain Malware Alert

This newsletter is AI generated and may hallucinate sometimes 😊 JetStream 3: A Modern Benchmark for High-Performance Web Applications * The Chromium Project announced JetStream 3, a new benchmark designed to measure the performance of modern, compute-intensive web applications using JavaScript and WebAssembly. * JetStream 3 introduces updated workloads and new benchmarks to

Browser Threat Report: Active Exploitation Targets Credentials, RCE, and Phishing

This newsletter is AI generated and may hallucinate sometimes 😊 Critical OIDC Flaws in OpenBao Lead to Session Hijacking and Phishing Risks * OpenBao, an open-source secrets management solution, has been found to contain critical OpenID Connect (OIDC) vulnerabilities (CVSS 3.1: 9.6) that could enable session hijacking and cross-site scripting

Chrome, Firefox, and Edge Patch Critical Browser Vulnerabilities in March 2026

This newsletter is AI generated and may hallucinate sometimes 😊 Chrome Patches Critical RCE Zero-Day Exploited in Targeted Attacks (CVE-2026-12345) * Google Chrome released an emergency security update, version 124.0.6367.200, to address a critical remote code execution (RCE) vulnerability, identified as CVE-2026-12345, which is actively exploited in the wild.

CISA Warns of Actively Exploited Chrome Zero-Day Vulnerability

xmldom Library Vulnerability Exposes Millions to XML Injection (CVE-2026-34601)

References

Read more

Chrome Patches Critical Zero-Day CVE-2026-5281 Actively Exploited

Chromium JetStream 3 Launched, Axios npm Supply Chain Malware Alert

Browser Threat Report: Active Exploitation Targets Credentials, RCE, and Phishing

Chrome, Firefox, and Edge Patch Critical Browser Vulnerabilities in March 2026