A high-severity zero-day vulnerability, CVE-2026-11645, has been discovered in Google Chrome's V8 JavaScript engine, with a CVSS score of 8.8, indicating a significant threat1. This out-of-bounds memory access flaw affects Chrome versions prior to 149.0.7827.103 and is being actively exploited in the wild. Google has released a security update to address this vulnerability, along with 73 other flaws. The vulnerability allows for out-of-bounds read and write operations in V8, potentially enabling attackers to execute arbitrary code. Given its active exploitation, patching this vulnerability is a priority. The fact that CVE-2026-11645 is being exploited in the wild makes it a critical concern for users, who should update their Chrome browsers to the latest version as soon as possible. This vulnerability matters to practitioners because it highlights the importance of timely patching to prevent potential security breaches.
Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now
⚠️ Critical Alert
Why This Matters
CVE-2026-11645 is in active discussion involving Google — exploitation status determines whether this is patch-now or monitor.
References
- The Hacker News. (2026, June 9). Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now. *The Hacker News*. https://thehackernews.com/2026/06/chrome-v8-zero-day-cve-2026-11645.html
Original Source
The Hacker News
Read original →