315/69 Thursday, June 11, 2026
Google Chrome has released an emergency security update to address an actively exploited zero-day vulnerability tracked as CVE-2026-11645. The flaw is the fifth Chrome zero-day vulnerability patched by Google since the beginning of 2026. Security updates are being rolled out for Windows and Linux (version 149.0.7827.102) and macOS (version 149.0.7827.103).
The vulnerability is an out-of-bounds read and write flaw in Chrome’s V8 JavaScript engine. An attacker can exploit the issue by luring a victim to a specially crafted HTML page that triggers the vulnerability, potentially leading to code execution within the browser’s sandbox environment. Successful exploitation may allow attackers to access memory outside intended boundaries through heap corruption, expose sensitive information, or cause the browser to crash.
Users and system administrators are strongly advised to update Chrome to the latest version as soon as possible. The browser version can be checked and updated by navigating to More → Help → About Google Chrome, which will automatically download available updates and prompt for a browser restart. While Chrome typically installs updates automatically during subsequent launches, manually checking for updates can significantly reduce the window of exposure and help protect systems against ongoing attacks leveraging this vulnerability.