GOOGLE released Chrome 149, fixing 74 vulnerabilities, including a critical zero-day (CVE-2026-11645) actively exploited that allows remote code execution through a vulnerable V8 component. Disclosed by a researcher in April, the flaw was potentially linked with a sandbox escape vulnerability. The researcher received $55,000 for the report. This marks the fifth zero-day for Chrome in 2026.
The number of discovered vulnerabilities in Chrome has increased significantly, attributed partly to AI-driven identification methods. Most issues fixed in this update were reported by Google itself.