Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now
Google released security updates this week to address 74 vulnerabilities affecting its Chrome browser, including one actively exploited zero-day. The critical vulnerability, identified as CVE-2026-11645, carries a CVSS score of 8.8 and is characterized as an out-of-bounds memory access flaw within V8, Chrome's JavaScript and WebAssembly engine. This specific vulnerability impacts Google Chrome versions prior to 149.0.7827.103. The company has not disclosed details about the exploitation, but the urgency of the patch indicates a significant risk to users. The update also resolves 73 other vulnerabilities, with 30 classified as high severity, 38 as medium severity, and 5 as low severity. These additional vulnerabilities include issues such as heap buffer overflows, use-after-free bugs, and integer overflows across various components of the browser. Google urges all users to update their Chrome browsers immediately to protect against potential attacks leveraging CVE-2026-11645 and the other disclosed security weaknesses. The company's security team is actively monitoring for any further exploitation attempts.
Original source — read the full reporting at the publisher:
Read on The Hacker News