Today's cybersecurity headlines are brought to you by ThreatPerspective
Ethical Hacking News

Chrome V8 Zero-Day Vulnerability CVE-2026-11645: A High-Severity Flaw Exploited in the Wild, Patches Now Available


Chrome V8 Zero-Day Vulnerability CVE-2026-11645: A High-Severity Flaw Exploited in the Wild, Patches Now Available. Learn more about this critical vulnerability, its impact, and how to protect yourself from potential threats.

  • Google released security updates to address 74 vulnerabilities in Chrome browser V8.
  • A high-severity vulnerability (CVE-2026-11645) has been discovered with a CVSS score of 8.8, allowing arbitrary code execution via crafted HTML pages.
  • The vulnerability was reported by security researcher "303f06e3" and rewarded with a $55,000 bug bounty.
  • Google released patches to address the vulnerability and warned users to update their Chrome browser to version 149.0.7827.102/.103.
  • Users of other Chromium-based browsers are also advised to apply patches when they become available.



    • The world of cybersecurity has witnessed another high-severity vulnerability emerge, leaving users on edge as Google released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild. The vulnerable Chrome browser is V8, a crucial JavaScript and WebAssembly engine.

    According to Google, this vulnerability, tracked as CVE-2026-11645, is an out-of-bounds memory access issue that has garnered significant attention due to its high CVSS score of 8.8. This score signifies the severity level of the vulnerability, indicating that it could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. It's worth noting that this exploit would require a malicious actor to create a specific HTML page and then trick users into opening it.

    The discovery and reporting of this flaw can be credited to security researcher "303f06e3," who, as is customary in such cases, has been awarded a bug bounty of $55,000 for responsible disclosure. The researcher identified the issue on April 27, 2026, and, following established guidelines, brought it to Google's attention.

    Google subsequently acknowledged the existence of an exploit for CVE-2026-11645 in the wild, taking immediate action by releasing security updates to address this vulnerability. This marks the fifth Chrome zero-day that Google has patched since the start of the year, including CVE-2026-2441, CVE-2026-3909, CVE-2026-3910, and CVE-2026-5281.

    To protect users from potential harm, it is recommended to update their Chrome browser to version 149.0.7827.102/.103 for Windows and Apple macOS, and 149.0.7827.102 for Linux. Users can ensure they have the latest updates by navigating to More > Help > About Google Chrome and selecting Relaunch.

    While this vulnerability has garnered significant attention due to its severity level and active exploitation in the wild, it's worth noting that users of other Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi, are also advised to apply patches when they become available.

    The discovery of high-severity vulnerabilities like CVE-2026-11645 serves as a stark reminder of the importance of staying updated with the latest security patches. The constant evolution of software and its reliance on open-source components leave vulnerabilities exposed that can be exploited by malicious actors.

    In recent times, we've seen an increase in sophisticated attacks leveraging these vulnerabilities to gain unauthorized access to systems and data. As such, it's indispensable for organizations and individuals alike to prioritize cybersecurity, focusing on staying informed about the latest threats and patches.

    This incident highlights the importance of responsible disclosure practices and bug bounty programs, which not only help identify vulnerabilities but also provide financial incentives for security researchers to continue their work. It serves as a testament to the dedication of these researchers who risklessly expose vulnerabilities, allowing organizations to update and patch before malicious actors can exploit them.

    As we move forward in this digital landscape, it's crucial that cybersecurity remains at the forefront of our thoughts. Staying informed about emerging threats like CVE-2026-11645 is essential for protecting our personal data and organizational assets.

    In conclusion, while CVE-2026-11645 poses a significant threat due to its high severity level and active exploitation in the wild, the swift response from Google by releasing patches demonstrates their commitment to user safety. As we move forward, it's indispensable that we prioritize cybersecurity, leveraging tools like bug bounty programs and staying updated with the latest security patches.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Chrome-V8-Zero-Day-Vulnerability-CVE-2026-11645-A-High-Severity-Flaw-Exploited-in-the-Wild-Patches-Now-Available-ehn.shtml

  • https://thehackernews.com/2026/06/chrome-v8-zero-day-cve-2026-11645.html

  • https://nvd.nist.gov/vuln/detail/CVE-2026-11645

  • https://www.cvedetails.com/cve/CVE-2026-11645/

  • https://nvd.nist.gov/vuln/detail/CVE-2026-2441

  • https://www.cvedetails.com/cve/CVE-2026-2441/

  • https://nvd.nist.gov/vuln/detail/CVE-2026-3909

  • https://www.cvedetails.com/cve/CVE-2026-3909/

  • https://nvd.nist.gov/vuln/detail/CVE-2026-3910

  • https://www.cvedetails.com/cve/CVE-2026-3910/

  • https://nvd.nist.gov/vuln/detail/CVE-2026-5281

  • https://www.cvedetails.com/cve/CVE-2026-5281/


    • Published: Wed Jun 10 14:51:38 2026 by llama3.2 3B Q4_K_M


    © Ethical Hacking News . All rights reserved.

    Privacy | Terms of Use | Contact Us