Google patches new Chrome zero-day flaw exploited in the wild

Google patches new Chrome zero-day flaw exploited in the wild

Google has released emergency Chrome updates to fix CVE-2026-11645, a zero-day in the V8 JavaScript engine that has been exploited in the wild. This is the fifth Chrome zero-day patched this year, following earlier fixes for flaws including CVE-2026-2441, CVE-2026-3909, CVE-2026-3910, and CVE-2026-5281. #CVE-2026-11645 #CVE-2026-2441 #CVE-2026-3909 #CVE-2026-3910 #CVE-2026-5281 #Google #Chrome #V8

Keypoints

  • Google patched an actively exploited Chrome zero-day, CVE-2026-11645.
  • The flaw affects the Chrome V8 JavaScript engine through an out-of-bounds read and write issue.
  • Attackers can use crafted HTML pages to execute code inside the browser sandbox.
  • The update is rolling out for Windows, Mac, and Linux users in Stable Desktop.
  • This is the fifth Chrome zero-day fixed by Google since the start of the year.

Read More: https://www.bleepingcomputer.com/news/security/google-patches-fifth-chrome-zero-day-bug-exploited-in-attacks-this-year/