Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now
The Hacker NewsArchived Jun 09, 2026✓ Full text saved
Google has released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2026-11645 (CVSS score: 8.8), has been described as an out-of-bounds memory access in V8, Chrome's JavaScript and WebAssembly engine. "Out-of-bounds read and write in V8 in Google Chrome prior to 149.0.7827.103
Full text archived locally
✦ AI Summary· Claude Sonnet
Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now
Ravie LakshmananJun 09, 2026Vulnerability / Browser Security
Google has released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild.
The high-severity vulnerability, tracked as CVE-2026-11645 (CVSS score: 8.8), has been described as an out-of-bounds memory access in V8, Chrome's JavaScript and WebAssembly engine.
"Out-of-bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page," reads a description of the flaw in the NIST's National Vulnerability Database (NVD).
A security researcher named "303f06e3" has been credited with discovering and reporting the flaw on April 27, 2026. The researcher has been awarded a bug bounty of $55,000 for responsible disclosure.
As is customary in these cases, Google acknowledged that an "exploit for CVE-2026-11645 exists in the wild," but stopped short of sharing additional specifics to ensure that a majority of the users are updated with a fix and to prevent further exploitation.
With the latest development, Google has addressed a total of five actively exploited Chrome zero-days since the start of the year. This includes CVE-2026-2441, CVE-2026-3909, CVE-2026-3910, and CVE-2026-5281.
For optimal protection, users are advised to update their Chrome browser to versions 149.0.7827.102/.103 for Windows and Apple macOS, and 149.0.7827.102 for Linux. To make sure the latest updates are installed, users can navigate to More > Help > About Google Chrome and select Relaunch.
Users of other Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi, are also advised to apply the fixes as and when they become available.
Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.
SHARE
Tweet
Share
Share
SHARE
browser security, Code Execution, cybersecurity, Google Chrome, V8, Vulnerability, Zero-Day
⚡ Top Stories This Week
ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More
OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack
PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation
Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm
GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure
Malicious npm Package Stole Files From Claude AI User Directory via GitHub
Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation
AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit
⚡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More
ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface
Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer
Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions
Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited
Dashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users Downloaded
Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal
⭐ Featured Resources
Watch AI Turn Vulnerabilities Into Working Exploits in Minutes (See the Demo)
Learn How to Stop Attacks Before They Reach Your EDR – With PHASR
Your Employees Are Using AI in Ways You Can’t See – 2026 State of AI Report
[Guide] The Real Security Risks of Shadow AI (And Where You’re Exposed)