Chrome Zero-Days & Edge Espionage: March 2026 Browser Security Update

Google Chrome Addresses Five Actively Exploited Zero-Day Vulnerabilities

• Google Chrome received emergency updates in early March 2026, patching five distinct zero-day vulnerabilities that were actively exploited in the wild.
• These critical flaws, primarily affecting the V8 JavaScript engine and other core rendering components, could lead to remote code execution and arbitrary file access.
• Users are urged to update their Chrome browsers immediately to version 123.0.6312.58 or later across Windows, macOS, and Linux to ensure protection.

Source: The Hacker News | Date: March 09, 2026

Russia-Linked APT Utilizes DRILLAPP Backdoor and Microsoft Edge Debugging for Espionage

• A Russia-linked Advanced Persistent Threat (APT) group is deploying the DRILLAPP backdoor to conduct cyber espionage against Ukrainian organizations.
• DRILLAPP leverages Microsoft Edge's legitimate debugging features and DevTools protocol to execute commands, exfiltrate sensitive data, and maintain stealthy persistence by modifying browser settings for remote debugging.
• The initial infection vector for DRILLAPP involves spear-phishing campaigns, highlighting the sophisticated abuse of built-in browser functionalities to bypass traditional security defenses.

Source: The Hacker News | Date: March 05, 2026

Threat Intelligence Briefing Highlights Multiple Chrome Zero-Days and Surging PoCs

• A recent threat intelligence briefing noted Google Chrome's multiple security updates in March 2026, which included fixes for several actively exploited zero-day vulnerabilities.
• The report emphasized the high severity of some vulnerabilities, with general mentions of CVSS 10.0 ratings in the context of recent critical disclosures, demanding immediate patching.
• Security researchers have observed a significant increase in publicly available Proof-of-Concept exploits following these patches, escalating the urgency for users to apply updates promptly.

Source: SecurityOnline.info | Date: March 09, 2026

References

1. Weekly Recap: Chrome 0-Days, Router Botnets, AWS Breach, Rogue AI Agents & More - The Hacker News
2. DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage - The Hacker News
3. Weekly Threat Intelligence Briefing: Chrome Zero-Days, SolarWinds RCE, and a Surge in Critical PoCs - SecurityOnline.info
4. Russia-linked APT uses DRILLAPP backdoor to spy on Ukrainian targets - Security Affairs