
Chrome Patches Wildly Exploited V8 Zero-Day CVE-2026-11645
Google rolled out updates to fix 74 Chrome vulnerabilities, including CVE-2026-11645—a critical out-of-bounds read/write in V8 that is being exploited in the wild to execute arbitrary code via a crafted HTML page. Users should update to Chrome 149.0.7827.102/103 on Windows/macOS and 149.0.7827.102 on Linux, and apply fixes in other Chromium-based browsers as available. Google notes this is the fifth actively exploited Chrome zero-day addressed this year, alongside CVE-2026-2441, 2026-3909, 2026-3910, and 2026-5281.
