Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now
Summary
Google has released security updates to address 74 vulnerabilities in Chrome, including CVE-2026-11645, a high-severity out-of-bounds memory access flaw in the V8 JavaScript engine that is being actively exploited in the wild. Users are urged to update their Chrome browsers immediately to the latest version to protect against this exploit.
IFF Assessment
The active exploitation of a zero-day vulnerability in a widely used browser poses a significant risk to users and their data, making it bad news for defenders.
Severity
The CVSS score of 8.8 indicates a high-severity vulnerability due to an out-of-bounds memory access flaw, which can lead to code execution or crashes, impacting confidentiality, integrity, and availability.
Defender Context
Defenders should prioritize patching this vulnerability across their managed Chrome installations as it is being actively exploited. This serves as a reminder of the ongoing threat posed by zero-day exploits in popular software and the importance of rapid patching and endpoint detection capabilities to identify and respond to in-the-wild exploitation.