Google patched two actively exploited zero-days in Chrome’s V8 JavaScript engine within the same June 2026 patch window, confirming sustained adversary focus on V8 as a browser exploitation surface. Both vulnerabilities enable arbitrary code execution via drive-by compromise with no user interaction beyond visiting a malicious page. Any unpatched Chrome installation across Windows, macOS, Linux, and Android represents a live exposure.