Google has released emergency security updates for Chrome to fix another zero-day vulnerability that has already been exploited in the wild.

This is the fifth Chrome zero-day patched by the company since the start of the year.

The vulnerability is tracked as CVE-2026-11645. Google confirmed in a security advisory on Monday that an exploit for the flaw exists in the wild.

The fix is now rolling out to users in the Stable Desktop channel. The patched versions are Chrome 149.0.7827.102 for Windows and Linux, and Chrome 149.0.7827.103 for Mac. The update comes about two weeks after the vulnerability was reported to Google by an anonymous security researcher.

Google said the update may take days or weeks to reach all users, but some users have already been able to install it manually by checking for updates. Chrome also checks for updates automatically and installs them the next time the browser is restarted.
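Because the rollout is staggered, it helps to check which machines have actually reached the fixed build. The following is an added example, not code from Google's advisory or from this article: it compares reported Chrome versions against the patched builds named above. The inventory format, hostnames and sample rows are constructed for illustration.

```python
# Added example: flag hosts whose Chrome build predates the fix for CVE-2026-11645.
# Patched builds come from the article; the inventory format and rows are constructed.
import csv
import io

PATCHED = {
    "windows": (149, 0, 7827, 102),
    "linux": (149, 0, 7827, 102),
    "mac": (149, 0, 7827, 103),
}

# Constructed sample inventory: host, platform, Chrome version reported by the endpoint.
SAMPLE_INVENTORY = """host,platform,chrome_version
ws-001,windows,149.0.7827.102
ws-002,windows,149.0.7827.87
mb-010,mac,149.0.7827.102
mb-011,mac,150.0.7900.12
lx-020,linux,148.0.7778.201
lx-021,linux,not-installed
kiosk-030,chromeos,149.0.7827.50
"""

def parse_version(text):
    """Return a 4-tuple of ints, or None if not a four-part numeric version."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def triage(inventory_csv):
    """Map each host to 'patched', 'needs_update' or 'unknown'."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        minimum = PATCHED.get(row["platform"].strip().lower())
        version = parse_version(row["chrome_version"])
        if minimum is None or version is None:
            # Platform not listed in the article, or unparseable version: review by hand.
            results[row["host"]] = "unknown"
        elif version >= minimum:
            results[row["host"]] = "patched"
        else:
            results[row["host"]] = "needs_update"
    return results

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:10} {status}")
```

In the sample data, mb-010 is flagged even though it runs build .102, because the Mac fix is build .103.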

CVE-2026-11645 is a high-severity flaw caused by an out-of-bounds read and write issue in Chrome’s V8 JavaScript engine. A remote attacker could exploit it through a specially crafted HTML page to execute code inside Chrome’s browser sandbox.

If successfully exploited, the flaw could allow attackers to access memory outside the expected buffer, which may expose sensitive data or cause the browser to crash. The bug could also help attackers bypass security protections such as ASLR, making it easier to achieve code execution when combined with another weakness.
