The latest in a series of zero-days exploits revealed last week has prompted the companies to launch a series on how to patch their software.
One vulnerability was found in a Microsoft .NET framework called MS14-073, which Microsoft has acknowledged has not been patched in a while.
The second vulnerability was discovered in an open-source web application called Google Chrome.
The third vulnerability, discovered by researchers from the company Xtreme Security, is a remote code execution vulnerability.
Both vulnerabilities were exploited in an attack last week against the Apache Web Server.
A vulnerability found in Google Chrome exploited an issue in the browser that prevents the browser from properly handling HTML tags.
The Apache Web server is one of the most popular web applications used by Internet users, and is used by more than two-thirds of all web servers.
Google Chrome and Microsoft are the only two browsers that use Apache.
Microsoft has acknowledged the flaws have been patched for at least a month.
The flaw was first reported on Oct. 30.
Google’s security team told The Associated Press it has been working with the two companies to patch the flaws, and said in a blog post that it has seen a 30 percent decrease in the number of attacks from Oct. 23 to Nov. 10, compared with the same period last year.
Google also released a security advisory to customers on Tuesday, noting that the CVE-2014-2056 vulnerability has been fixed in both Chrome and Chrome for Android, and Google’s security teams are working to resolve CVE-2015-8271, a security flaw in Google’s Chrome browser that can cause remote code injection.
“While Google has fixed CVE-2016-0279, there may still be other known vulnerabilities in the software,” Google wrote.