Chrome Zero-Day Exploited by Spyware Vendor Against Journalists

Monday, March 23, 2026 at 08:00 PM UTC·Source: Google Threat Analysis Group

Updated: Tuesday, March 24, 2026 at 10:00 AM UTC

Executive Summary

Google patches V8 zero-day exploited by commercial spyware vendor. One-click full chain achieves RCE targeting journalists and activists.

Analysis

CVE-2026-1893 is a V8 type confusion enabling full sandbox escape via single malicious link. Google TAG identified a European spyware vendor targeting journalists, activists, and opposition politicians. Payload includes device monitoring, encrypted message interception, mic/camera activation.

Timeline

Discovered

Mar 19, 2026

Exploitation Detected

Mar 19, 2026

Published

Mar 23, 2026

Patch Available

Mar 23, 2026

Indicators of Compromise (1)

CVE (1)

CVE-2026-1893

NVD MITRE CVE

Source Attribution

Originally published by Google Threat Analysis Group on Mar 23, 2026. Verified by: Google TAG.

Related Threats

CRITICALZero Day

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised systems. The activity involves the exploitation of three vulnerabilities that are codenamed BlueHammer (requires GitHub sign-in), RedSun, and UnDefend, all of which were released as zero-days by a researcher known as Chaotic Eclipse (

Apr 17, 2026The Hacker News

CRITICALZero Day

White House moves to give federal agencies access to Anthropic’s Claude Mythos

The US government is preparing to authorize a version of Anthropic’s Claude Mythos model for use by major US federal agencies, amid concerns that the AI model could rapidly spot cybersecurity vulnerabilities and offer the ability to exploit them. Federal Chief Information Officer Gregory Barbaccia at the White House Office of Management and Budget (OMB) told officials at Cabinet departments on Tue

Apr 17, 2026CSO Online

CRITICALZero DayPOC

Caught, Quarantined, Re-installed: RedSun turns Microsoft Defender on itself

Days after Microsoft patched a high-severity issue affecting its Windows Defender antivirus tool through April’s Patch Tuesday, researchers warn of another vulnerability that could enable SYSTEM privileges through local escalation. In a newly disclosed proof-of-concept (PoC) exploit, dubbed “RedSun,” GitHub user going by the name “Nightmare Eclipse” demonstrated how Microsoft Defender’s handling o

CVE-2026-33825

Apr 17, 2026CSO Online