Google has released Chrome 149 to fix 74 vulnerabilities, including CVE-2026-11645, a zero-day in V8 that was actively exploited and could let attackers run code in a sandbox through a specially crafted HTML page. The researcher who reported it in April received $55,000, and this marks the fifth Chrome zero-day exploited in 2026. #Chrome149 #CVE-2026-11645 #V8
Keypoints
- Chrome 149 patches 74 security vulnerabilities.
- CVE-2026-11645 is a high-severity zero-day exploited in the wild.
- The flaw is an out-of-bounds read/write issue in V8.
- Attackers could use a crafted HTML page to execute code inside a sandbox.
- This is the fifth Chrome zero-day exploited in 2026.
Read More: https://www.securityweek.com/google-patches-5th-chrome-zero-day-exploited-in-2026/