Google Issues Urgent Chrome Security Update for Exploited Zero-Day Flaw - gbhackers.com
gbhackers.comArchived Jun 10, 2026✓ Full text saved
Google Issues Urgent Chrome Security Update for Exploited Zero-Day Flaw gbhackers.com
Full text archived locally
✦ AI Summary· Claude Sonnet
CVE/vulnerabilityCyber Security NewsVulnerabilities
2 min.Read
Google Issues Urgent Chrome Security Update for Exploited Zero-Day Flaw
By Divya
June 10, 2026
Share
Facebook
Twitter
Pinterest
WhatsApp
Google has released an urgent security update for its Chrome browser, addressing multiple vulnerabilities, including a zero-day flaw actively exploited in the wild. The update upgrades Chrome to version 149.0.7827.102/.103 on Windows and Mac, and to 149.0.7827.102 on Linux.
The tech giant confirmed that the zero-day vulnerability, tracked as CVE-2026-11645, involves an out-of-bounds memory access issue in the V8 JavaScript engine. Although classified as a high-severity flaw, its active exploitation significantly increases the risk, allowing attackers to execute arbitrary code via crafted web content.
Chrome Security Update
In total, Google patched 74 security vulnerabilities in this release, with a large portion categorized as critical severity. Most of these critical flaws stem from “use-after-free” memory corruption issues across various Chrome components, including Ozone, Bluetooth, TabStrip, Views, and Web Apps.
These vulnerabilities can lead to heap corruption and, if successfully exploited, could be leveraged for remote code execution.
Google has restricted detailed technical information about these vulnerabilities to prevent further exploitation until a majority of users have applied the update. The company also noted that some bugs may exist in third-party libraries, which could delay full disclosure.
Security researchers and internal teams reported the majority of the flaws in late May 2026. Google credited its advanced bug detection systems, including AddressSanitizer, MemorySanitizer, and libFuzzer, for identifying several of these issues during testing.
The presence of an actively exploited vulnerability highlights the urgency for users and organizations to update their browsers immediately. Threat actors often weaponize these flaws in drive-by download attacks or through malicious websites, leaving unpatched systems highly vulnerable.
Critical CVEs Patched
CVE ID Vulnerability Type Component Reported Date
CVE-2026-11628 Use-after-free Ozone 2026-05-25
CVE-2026-11629 Use-after-free Ozone 2026-05-26
CVE-2026-11630 Use-after-free File Input 2026-05-26
CVE-2026-11631 Use-after-free Aura 2026-05-26
CVE-2026-11632 Use-after-free TabStrip 2026-05-26
CVE-2026-11633 Use-after-free Bluetooth 2026-05-27
CVE-2026-11634 Use-after-free Gamepad 2026-05-27
CVE-2026-11635 Use-after-free Bluetooth 2026-05-27
CVE-2026-11636 Use-after-free Autofill 2026-05-27
CVE-2026-11637 Use-after-free Views 2026-05-27
CVE-2026-11638 Use-after-free Printing 2026-05-27
CVE-2026-11639 Use-after-free Compositing 2026-05-27
CVE-2026-11640 Integer overflow libyuv 2026-05-28
CVE-2026-11641 Use-after-free Bluetooth 2026-05-28
CVE-2026-11642 Use-after-free Web Apps 2026-05-29
CVE-2026-11643 Use-after-free Proxy 2026-05-29
CVE-2026-11644 Use-after-free Views 2026-05-30
Users are strongly advised to update Chrome via Settings > About Chrome to ensure they are protected against these vulnerabilities. Organizations should prioritize patch management and monitor for any signs of exploitation, particularly related to the V8 engine flaw.
Given the scale and severity of the patched issues, this update is critical for maintaining browser security and preventing potential compromise.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.
Tags
cyber security
Cyber Security News
Vulnerability
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
Hot this week
Infosec- Resources
How To Access Dark Web Anonymously and know its Secretive and Mysterious Activities
June 4, 2023
1
What is Deep Web The deep web, invisible web, or...
SOC Architecture
How to Build and Run a Security Operations Center (SOC Guide) – 2023
June 3, 2023
12
Today’s Cyber security operations center (CSOC) should have everything...
Cyber Security News
Russian Hackers Bypass EDR to Deliver a Weaponized TeamViewer Component
October 18, 2023
0
TeamViewer's popularity and remote access capabilities make it an...
Checklist
Web Server Penetration Testing Checklist – 2026
January 6, 2026
0
Web server pentesting is performed under three significant categories: identity,...
Infosec- Resources
ATM Penetration Testing – Advanced Testing Methods to Find The Vulnerabilities
June 4, 2023
4
ATM Penetration testing, Hackers have found different approaches to...
Topics
AcquisitionAdobeAdwareAIAmazonAmazon AWSAMDAndroidAnti VirusAntimalwareANY RUNApacheAPIAppleAPTArtificial IntelligenceAvastAWSAzureBackdoorBitcoinBluetoothBotnetBrowserBuffer over flowBug BountyBusinessChatbotsChatGPTChecklistChromeCiscoCISOCISO AdvisoryCloudCloud SecurityCloudflareComputer SecurityCourseCPUCross site ScriptingcryptocurrencyCryptocurrency hackCVE/vulnerabilityCyber AdvisoryCyber AICyber AttackCyber Crimecyber securityCyber security CourseCyber Security NewsCyber Security ResourcesDark WebData BreachData GovernanceDDOSDealsDeepSeekDiscordDNSDos AttackDriveDropboxEducationEmailEmail SecurityEthical HackingExploitExploitation ToolsExtratorrentsFACEBOOKFeaturedFirefoxFirefox NewsFirewallForensics ToolsgameGenAIGitHubGitLabGmailGoogleGoogle dorksGovernanceGRCHacking BooksHacksHardware HackingHBOHTMLHTTPIBMIISIncident ResponseInformation GatheringInformation Security RisksInfosec- ResourcesInsider ThreatsInstagramIntelMore
CVE/vulnerability
New Windows CTF 0-Day Vulnerability Lets Attackers Gain Elevated Privileges
0
Microsoft has disclosed a new zero-day vulnerability in the...
cyber security
Hackers Use Fake Utility Downloads to Deploy ScreenConnect and Cryptominers
0
An active cryptojacking campaign in which malicious download sites...
CVE/vulnerability
CISA Issues Alert on Actively Exploited Google Chromium Zero-Day Flaw
0
CISA has issued a new warning about an actively...
cyber security
Tax Phishing Emails Deliver In-Memory Malware to Windows Systems
0
Cybercriminals are leveraging tax-themed phishing emails to deploy sophisticated...
cyber security
Malicious npm Package ‘dbmux’ Targets Developers
0
Malware was discovered in the npm package dbmux. Any...
Cyber Security News
Windows BitLocker 0-Day Flaw Enables Security Feature Bypass Attacks
0
Microsoft has disclosed a newly identified zero-day vulnerability in...
Cyber Security News
Windows Defender Zero-Day “RoguePlanet” Lets Attackers Gain SYSTEM Privileges
0
A newly disclosed zero-day vulnerability dubbed “RoguePlanet” is affecting...
cyber security
OpenClaw AI Agent Leaks Credentials in Phishing Simulation
0
Autonomous email agents can become high‑impact phishing victims, leaking...
Related Articles
New Windows CTF 0-Day Vulnerability Lets Attackers Gain Elevated Privileges
CVE/vulnerability June 10, 2026
Hackers Use Fake Utility Downloads to Deploy ScreenConnect and Cryptominers
cyber security June 10, 2026
CISA Issues Alert on Actively Exploited Google Chromium Zero-Day Flaw
CVE/vulnerability June 10, 2026
Tax Phishing Emails Deliver In-Memory Malware to Windows Systems
cyber security June 10, 2026
Malicious npm Package ‘dbmux’ Targets Developers
cyber security June 10, 2026
Recent News
New Windows CTF 0-Day Vulnerability Lets Attackers Gain Elevated Privileges
Divya - June 10, 2026
Hackers Use Fake Utility Downloads to Deploy ScreenConnect and Cryptominers
Mayura Kathir - June 10, 2026
CISA Issues Alert on Actively Exploited Google Chromium Zero-Day Flaw
Divya - June 10, 2026
Tax Phishing Emails Deliver In-Memory Malware to Windows Systems
Mayura Kathir - June 10, 2026
Malicious npm Package ‘dbmux’ Targets Developers
Mayura Kathir - June 10, 2026
Windows BitLocker 0-Day Flaw Enables Security Feature Bypass Attacks
Divya - June 10, 2026