Published 14 days ago • loading... • Updated 13 days ago

Google Patches New Chrome Zero-Day Flaw Exploited in the Wild

On Tuesday, June 9, 2026, Google released emergency updates for Chrome to patch CVE-2026-11645, a high-severity zero-day vulnerability confirmed to be actively exploited in the wild.
This high-severity flaw stems from an out-of-bounds read and write weakness in the Chrome V8 JavaScript engine, marking the fifth actively exploited zero-day vulnerability Google has patched this year.
The update addresses 72 total security vulnerabilities, 17 rated critical, while Google awarded a $55,000 bounty to researcher "303f06e3," who reported the zero-day on April 27.
To ensure immediate protection, users can force the update via the "About Google Chrome" menu and restart the browser, though automatic rollouts may take several days.
Google will restrict access to bug details until a majority of users have applied the fix, a standard security practice as the company has already patched more than half of 2025's eight zero-days.

Insights by Ground AI

Podcasts & Opinions

Podcast Mention

CyberWire Daily

Daily Cybersecurity and Tech News podcast featuring Dave Bittner, Rick Howard and David Moulton

A checkmark for trust, a payload for theft.

CyberWire Daily discuss Google’s emergency Chrome update patching an actively exploited V8 out-of-bounds zero-day, the fifth so far in 2026

13 days ago

Listen to Full Episode Full Episode Unlock Timestamp

Get Vantage — Podcasts, Ratings, Timestamps

Podcasts & Opinions

23 Articles

Daily Express

Lean Right

Everyone using Chrome must restart their web browser immediately

A new Chrome update has been released and you must download it as soon as possible.

13 days ago·United Kingdom

Read Full Article

Tech Radar

Center

Update Chrome now — Google patches new zero-day flaw already being exploited

A new bug was found, allowing crooks to execute arbitrary code and possibly steal sensitive files.

13 days ago·United Kingdom

Read Full Article

The Register

Center

Chrome's zero-day Whac-A-Mole continues with fifth exploited bug of the year

Google has fixed its fifth actively exploited Chrome zero-day of 2026, and this one earned its finder a $55,000 bounty. The flaw, tracked as CVE-2026-11645, is an out-of-bounds memory access bug in Chrome's V8 JavaScript engine. Google confirmed that the vulnerability is being exploited in the wild, but has disclosed little beyond the bare technical details. The company patched the issue in the latest Stable Channel releases for Windows, macOS, …

14 days ago

Read Full Article

Forbes

Center

New Google Chrome 149 Update Patches Exploited Zero-Day

Following the largest-ever Google Chrome security fix, a new update is now available, and one vulnerability stands out: a zero-day already exploited in the wild.

14 days ago·United States

Read Full Article

BleepingComputer

Center

Google patches new Chrome zero-day flaw exploited in the wild

Google has released emergency updates to patch another Chrome zero-day vulnerability that has been exploited in the wild, the fifth such flaw patched since the start of the year.

14 days ago·New York, United States

Read Full Article

pcwelt.de

Emergency Update: Google Closes Zero-Day Vulnerability in Chrome

In the new Chrome versions 149.0.7827.102/103 for Windows and macOS, and 149.0.7827.102 for Linux, Google's software engineers have fixed more than 70 vulnerabilities, some of them critical. According to Google, one of the patched vulnerabilities is already being exploited in attacks. The makers of other Chromium-based browsers have already reacted in some cases: Brave and Microsoft Edge are already secure – Vivaldi and Opera have since followed…

13 days ago

Read Full Article

Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/year