GOOGLE has released emergency updates for a new Chrome zero-day vulnerability identified as CVE-2026-11645, affecting the V8 JavaScript engine. This flaw, the fifth actively exploited zero-day in 2026, allows for out-of-bounds memory access, potentially leading to denial of service, privilege escalation, or remote code execution. Google confirmed that an exploit for this vulnerability is already in the wild and has not disclosed technical details. This year's previous zero-day vulnerabilities include issues related to CSS, graphics libraries, and the WebGPU component.
Google patches Chrome V8 zero day being exploited in the wild
CyberSIXT Evidence Panel
Article by CyberSIXT
Timeline Coverage
Swipe to explore timeline
-
Google patches Chrome V8 flaw CVE-2026-11645 amid 74 fix update
malwarebytes.com
-
Google patches Chrome V8 zero day being exploited in the wild
securityaffairs.com
-
Google patches Chrome following exploited CVE-2026-11645 zero day
infosecurity-magazine.com
-
Google Chrome 149 fixes critical V8 zero day flaw CVE-2026-11645
securityweek.com