Google has rolled out urgent security updates for Chrome, fixing 74 vulnerabilities including a dangerous zero‑day flaw already being exploited in the wild
What’s the Threat?
The bug, tracked as CVE‑2026‑11645 with a CVSS score of 8.8, stems from an out‑of‑bounds memory access in Chrome’s V8 JavaScript and WebAssembly engine. In plain terms, attackers can craft malicious HTML pages that let them run arbitrary code inside Chrome’s sandboxCurrent page.
Bigger Picture
This marks the fifth actively exploited Chrome zero‑day in 2026, following CVE‑2026‑2441, CVE‑2026‑3909, CVE‑2026‑3910, and CVE‑2026‑5281. It’s a clear reminder that browsers remain prime targets for attackers.
How to Protect Yourself
- Update Chrome immediately to version 149.0.7827.102/.103 on Windows and macOS, or 149.0.7827.102 on Linux.
- Go to More > Help > About Google Chrome and hit Relaunch to apply updates.
- Users of Edge, Brave, Opera, and Vivaldi should also patch as soon as fixes are released.
XEye Security Insight
Zero‑day exploits highlight why patch management and continuous monitoring are critical. At XEye Security, we help organizations stay ahead of threats by combining real‑time intelligence with proactive defense strategies.
