Chrome V8 JavaScript engine out-of-bounds read/write zero-day exploited in the wild (CVE-2026-11645)
Vulnerability
Summary
Google has patched CVE-2026-11645, a Chrome V8 JavaScript engine zero-day that was exploited in the wild and could let remote attackers run code inside the browser sandbox. The flaw was triggered with crafted HTML pages, putting Chrome users on Windows, Mac, and Linux at risk until the emergency update reached their devices. Google said the fix was rolling out through Stable Desktop builds worldwide.
Related Happenings
Chromium JavaScript background RCE flaw
Vulnerability
First: 21.05.2026 21:13
Last: 21.05.2026 21:13
Sources 1
About this happening:
The unfixed **Chromium** flaw keeps **JavaScript** running after the browser is closed, creating **remote code execution** risk across **Chromium-based browsers**. A malicious sit...
Chrome/Dawn actively exploited use-after-free flaw (CVE-2026-5281)
Vulnerability
First: 01.04.2026 13:25
Last: 01.04.2026 13:25
Sources 1
About this happening:
**Google Chrome Stable Desktop** on **Windows, macOS, and Linux** is getting an **emergency fix** for **CVE-2026-5281**, a **use-after-free** flaw in **Dawn/WebGPU**. Google says...
Chrome Skia and V8 exploited zero-days (multiple vulnerabilities)
Vulnerability
First: 13.03.2026 11:17
Last: 13.03.2026 11:17
Sources 1
About this happening:
**Chrome** on **Windows, macOS, and Linux** is affected by two **high-severity zero-days**, **CVE-2026-3909** and **CVE-2026-3910**, that Google says were **exploited in the wild*...
QuickLens - Search Screen with Google Lens hit by network compromise
Incident
First: 28.02.2026 21:18
Last: 28.02.2026 21:18
Sources 1
About this happening:
The **QuickLens - Search Screen with Google Lens** Chrome extension was **compromised** and used to **push malware** to about **7,000 users**, creating risk of **credential theft*...
Chrome CSS use-after-free security flaw (CVE-2026-2441)
Vulnerability
First: 16.02.2026 09:54
Last: 16.02.2026 09:54
Sources 1
About this happening:
**Chrome** is being patched for **CVE-2026-2441**, a **high-severity use-after-free** zero-day in the browser’s **CSS component** that was **exploited in the wild**. The emergency...
Timeline
09.06.2026 09:56 2 articles · 2h ago
Google rolls out emergency Chrome updates for CVE-2026-11645
Mitigation Patch Update
Google said an exploit for CVE-2026-11645 exists in the wild and released emergency Chrome Stable Desktop updates worldwide for Windows 149.0.7827.102, Mac 149.0.7827.103, and Linux 149.0.7827.102 after an anonymous security researcher reported the zero-day two weeks earlier. The flaw is an out-of-bounds read and write in the Chrome V8 JavaScript engine that remote attackers can trigger with crafted HTML pages to execute arbitrary code inside the browser sandbox, expose memory beyond the buffer, trigger a crash, and potentially bypass ASLR.
- Google patches new Chrome zero-day flaw exploited in the wild — www.bleepingcomputer.com — 09.06.2026 09:56