Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now - The Hacker News
The Hacker NewsArchived Jun 09, 2026✓ Full text saved
Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now The Hacker News
Full text archived locally
✦ AI Summary· Claude Sonnet
Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now
Ravie LakshmananJun 09, 2026Vulnerability / Browser Security
Google has released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild.
The high-severity vulnerability, tracked as CVE-2026-11645 (CVSS score: 8.8), has been described as an out-of-bounds memory access in V8, Chrome's JavaScript and WebAssembly engine.
"Out-of-bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page," reads a description of the flaw in the NIST's National Vulnerability Database (NVD).
A security researcher named "303f06e3" has been credited with discovering and reporting the flaw on April 27, 2026. The researcher has been awarded a bug bounty of $55,000 for responsible disclosure.
As is customary in these cases, Google acknowledged that an "exploit for CVE-2026-11645 exists in the wild," but stopped short of sharing additional specifics to ensure that a majority of the users are updated with a fix and to prevent further exploitation.
With the latest development, Google has addressed a total of five actively exploited Chrome zero-days since the start of the year. This includes CVE-2026-2441, CVE-2026-3909, CVE-2026-3910, and CVE-2026-5281.
For optimal protection, users are advised to update their Chrome browser to versions 149.0.7827.102/.103 for Windows and Apple macOS, and 149.0.7827.102 for Linux. To make sure the latest updates are installed, users can navigate to More > Help > About Google Chrome and select Relaunch.
Users of other Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi, are also advised to apply the fixes as and when they become available.
Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.
SHARE
Tweet
Share
Share
SHARE
browser security, Code Execution, cybersecurity, Google Chrome, V8, Vulnerability, Zero-Day
⚡ Top Stories This Week
Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation
GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure
Dashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users Downloaded
Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal
Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer
ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More
Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited
⚡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More
Malicious npm Package Stole Files From Claude AI User Directory via GitHub
ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface
Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions
OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack
AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites
Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit
PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation
Load More ▼
⭐ Featured Resources
[Guide] The Real Security Risks of Shadow AI (And Where You’re Exposed)
Learn How to Stop Attacks Before They Reach Your EDR – With PHASR
Watch AI Turn Vulnerabilities Into Working Exploits in Minutes (See the Demo)
Your Employees Are Using AI in Ways You Can’t See – 2026 State of AI Report