Last updated: July 5, 2026 at 9:01 AM UTC
All 557 Vulnerability 199 Breach 106 Threat 245 Defense 7
Tag: v8 (1 article)Clear

Google patches actively exploited Chrome V8 zero-day, fifth this year

Google has shipped an emergency Chrome fix for a zero-day in V8, the browser's JavaScript and WebAssembly engine, that attackers are already exploiting in the wild. The flaw (CVE-2026-11645, rated 8.8) is an out-of-bounds memory read and write that lets a malicious web page run code inside Chrome's sandbox, and can help defeat protections like ASLR to set up a fuller compromise. Google confirmed an exploit exists but withheld details until most users update. It is the fifth actively exploited Chrome zero-day of 2026. The fix is in Chrome 149.0.7827.102/103 for desktop; Chromium-based browsers like Edge and Brave need the same update.

Check
Check Chrome and Chromium-based browser versions across managed endpoints (chrome://version or MDM inventory) and confirm they are at or above the June 8 patched build.
Affected
Google Chrome desktop before 149.0.7827.102/103 on Windows, macOS, and Linux (CVE-2026-11645, a V8 out-of-bounds read/write), plus Chromium-based browsers such as Edge and Brave.
Fix
Update Chrome to 149.0.7827.102 or later and relaunch to apply it. Push the update through enterprise policy and patch all Chromium-based browsers in your fleet.