CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 09, 2026

Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now

The Hacker News Archived Jun 09, 2026 ✓ Full text saved

Google has released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2026-11645 (CVSS score: 8.8), has been described as an out-of-bounds memory access in V8, Chrome's JavaScript and WebAssembly engine. "Out-of-bounds read and write in V8 in Google Chrome prior to 149.0.7827.103

Full text archived locally
✦ AI Summary · Claude Sonnet


    Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now Ravie LakshmananJun 09, 2026Vulnerability / Browser Security Google has released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2026-11645 (CVSS score: 8.8), has been described as an out-of-bounds memory access in V8, Chrome's JavaScript and WebAssembly engine. "Out-of-bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page," reads a description of the flaw in the NIST's National Vulnerability Database (NVD). A security researcher named "303f06e3" has been credited with discovering and reporting the flaw on April 27, 2026. The researcher has been awarded a bug bounty of $55,000 for responsible disclosure. As is customary in these cases, Google acknowledged that an "exploit for CVE-2026-11645 exists in the wild," but stopped short of sharing additional specifics to ensure that a majority of the users are updated with a fix and to prevent further exploitation. With the latest development, Google has addressed a total of five actively exploited Chrome zero-days since the start of the year. This includes CVE-2026-2441, CVE-2026-3909, CVE-2026-3910, and CVE-2026-5281. For optimal protection, users are advised to update their Chrome browser to versions 149.0.7827.102/.103 for Windows and Apple macOS, and 149.0.7827.102 for Linux. To make sure the latest updates are installed, users can navigate to More > Help > About Google Chrome and select Relaunch. Users of other Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi, are also advised to apply the fixes as and when they become available. Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share SHARE  browser security, Code Execution, cybersecurity, Google Chrome, V8, Vulnerability, Zero-Day ⚡ Top Stories This Week ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure Malicious npm Package Stole Files From Claude AI User Directory via GitHub Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit ⚡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited Dashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users Downloaded Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal ⭐ Featured Resources Watch AI Turn Vulnerabilities Into Working Exploits in Minutes (See the Demo) Learn How to Stop Attacks Before They Reach Your EDR – With PHASR Your Employees Are Using AI in Ways You Can’t See – 2026 State of AI Report [Guide] The Real Security Risks of Shadow AI (And Where You’re Exposed)
    💬 Team Notes
    Article Info
    Source
    The Hacker News
    Category
    ◇ Industry News & Leadership
    Published
    Jun 09, 2026
    Archived
    Jun 09, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗