Google has issued critical security updates to mitigate 74 vulnerabilities in its Chrome browser, including a high-risk flaw currently being exploited. Known as CVE-2026-11645, this vulnerability is marked with a CVSS score of 8.8 and involves out-of-bounds memory access in Chrome’s V8 engine, which handles JavaScript and WebAssembly.
Details of the CVE-2026-11645 Vulnerability
The CVE-2026-11645 vulnerability was identified as an out-of-bounds read and write issue within Google’s V8 engine. This flaw allows a remote attacker to execute arbitrary code through a specifically crafted HTML page, posing significant security risks. The flaw was initially reported on April 27, 2026, by a security researcher known by the alias “303f06e3,” who was awarded $55,000 for their responsible disclosure efforts.
Google’s Response and Mitigation Efforts
In response to this critical vulnerability, Google confirmed the existence of active exploits related to CVE-2026-11645 but refrained from releasing detailed information. This approach aims to ensure widespread user protection by encouraging timely updates before potential attackers can further exploit the vulnerability.
Throughout 2026, Google has addressed five zero-day vulnerabilities in Chrome, including CVE-2026-2441, CVE-2026-3909, CVE-2026-3910, and CVE-2026-5281. Users are strongly advised to update their browsers to the latest versions to maintain optimal security.
Updating Chrome and Other Browsers
To safeguard against these vulnerabilities, users should update Chrome to versions 149.0.7827.102 or 149.0.7827.103 for Windows and macOS, and version 149.0.7827.102 for Linux. This can be done by navigating to More > Help > About Google Chrome and clicking on Relaunch.
Additionally, users of other Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi, should apply the provided security patches as they become available to prevent potential security breaches.
Staying updated with the latest security patches is crucial in maintaining a secure browsing environment. As vulnerabilities like CVE-2026-11645 continue to be discovered, timely updates are essential in protecting against potential exploits.
