Google has addressed its fifth zero-day vulnerability in Chrome this year, a memory access bug in the V8 JavaScript engine tracked as CVE-2026-11645. This flaw allows for out-of-bounds memory access and is being actively exploited in the wild, prompting Google to release patches for Windows, macOS, and Linux platforms. A researcher, identified by the handle "303f06e3," discovered the bug on April 27 and received a $55,000 bounty for the finding1. The vulnerability's exploitation status underscores its severity, making it a priority for patching. Google's swift response to the issue highlights the company's ongoing efforts to stay ahead of emerging threats. The active discussion surrounding CVE-2026-11645 emphasizes the need for practitioners to stay vigilant and prioritize patching to prevent potential exploits. This latest development reinforces the importance of timely updates and highlights Google's commitment to rewarding security researchers for their contributions.
Chrome's zero-day Whac-A-Mole continues with fifth exploited bug of the year
⚠️ Critical Alert
Why This Matters
CVE-2026-11645 is in active discussion involving Google — exploitation status determines whether this is patch-now or monitor.
References
- The Register. (2026, June 9). Chrome's zero-day Whac-A-Mole continues with fifth exploited bug of the year. *The Register*. https://www.theregister.com/security/2026/06/09/chromes-zero-day-whac-a-mole-continues-with-fifth-exploited-bug-of-the-year/5252689
Original Source
The Register
Read original →