Google has addressed a newly discovered Chrome zero-day vulnerability, identified as CVE-2026-11645, which is being actively exploited in the wild. This is the fifth actively exploited Chrome zero-day of 2026. The vulnerability is an out-of-bounds memory access issue in the V8 JavaScript engine, and Google has released an emergency update to patch it. According to Google's advisory, an exploit for CVE-2026-11645 is known to exist in the wild [1]. For practitioners, exploitation status determines whether a vulnerability calls for immediate patching or ongoing monitoring; because this one is being actively exploited, users should apply the update as soon as possible.
Google fixes the fifth actively exploited Chrome zero-day of 2026
⚠️ Critical Alert
Why This Matters
CVE-2026-11645 is under active discussion and involves Google. Its exploitation status determines whether this is a patch-now or a monitor item.
References
- SecurityAffairs. (2026, June 9). Google fixes the fifth actively exploited Chrome zero-day of 2026. *SecurityAffairs*. https://securityaffairs.com/193371/hacking/google-fixes-fifth-actively-exploited-chrome-zero-day-of-2026.html