Google patches new Chrome zero-day flaw exploited in the wild
By Sergiu Gatlan
June 9, 2026
02:56 AM
Google has released emergency updates to patch another Chrome zero-day vulnerability that has been exploited in the wild, the fifth such flaw patched since the start of the year.
"Google is aware that an exploit for CVE-2026-11645 exists in the wild," the company said in a Monday security advisory.
The company fixed the zero-day for users in the Stable Desktop channel, with patched versions rolling out worldwide to Windows (149.0.7827.102), Mac (149.0.7827.103), and Linux (149.0.7827.102) systems two weeks after an anonymous security researcher reported it to Google.
While Google says the security update could take days or weeks to reach all Chrome users, the update was available immediately when BleepingComputer checked for updates earlier today.
Users who prefer not to manually update their web browser can rely on Chrome to automatically check for updates and install them during the next launch.
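For administrators who would rather verify than wait for the rollout, the following added example (not from the article or from Google) checks an inventory of installed Chrome versions against the patched Stable builds listed above. The inventory rows and host names are constructed sample data, and the function names are assumptions made for illustration.

```python
# Added example: flag Chrome installs older than the patched Stable builds
# named in the article. Versions are compared numerically, part by part,
# because a plain string comparison would rank ".99" above ".102".
PATCHED = {
    "windows": "149.0.7827.102",
    "mac": "149.0.7827.103",
    "linux": "149.0.7827.102",
}

def parse_version(text):
    """Turn 'MAJOR.MINOR.BUILD.PATCH' into a tuple of ints, else ValueError."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Chrome version: {text!r}")
    return tuple(int(p) for p in parts)

def classify(platform, version):
    """Return 'patched', 'needs_update' or 'unknown' for one inventory row."""
    minimum = PATCHED.get(platform.strip().lower())
    if minimum is None:
        return "unknown"  # platform not covered by this advisory's version list
    try:
        installed = parse_version(version)
    except ValueError:
        return "unknown"  # unparseable version: review by hand, do not assume safe
    return "patched" if installed >= parse_version(minimum) else "needs_update"

def audit(rows):
    """Map each host to its status; rows are (host, platform, version) tuples."""
    return {host: classify(platform, version) for host, platform, version in rows}

# Constructed sample inventory (hypothetical hosts).
SAMPLE_INVENTORY = [
    ("ws-001", "Windows", "149.0.7827.102"),
    ("ws-002", "windows", "149.0.7827.99"),
    ("mac-01", "mac", "149.0.7827.102"),   # Mac fix is .103, so this is behind
    ("lin-01", "linux", "150.0.7000.10"),
    ("kiosk-1", "chromeos", "149.0.7827.102"),
    ("ws-003", "windows", "149.0.7827"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```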
This high-severity zero-day vulnerability (CVE-2026-11645) stems from an out-of-bounds read and write weakness in the Chrome V8 JavaScript engine, which remote attackers can exploit via crafted HTML pages to execute arbitrary code inside the web browser's sandbox.
Successful exploitation enables them to access data beyond the memory buffer via heap corruption, exposing sensitive information or triggering a crash.
Besides unauthorized access to out-of-bounds memory, the now-patched zero-day bug could also be exploited to bypass protection mechanisms such as ASLR, making it easier to achieve code execution via another weakness.
While Google said it was aware of CVE-2024-0519 zero-day exploits used in attacks, the company has not yet shared further details about these incidents.
"Access to bug details and links may be kept restricted until a majority of users are updated with a fix," Google said. "We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed."
Since the start of the year, Google addressed four more zero-days exploited in attacks:
An iterator invalidation bug (CVE-2026-2441) in CSSFontFeatureValuesMap (Chrome's implementation of CSS font feature values), which Google addressed in mid-February.
Two other Chrome zero-day bugs exploited in attacks in March: an out-of-bounds write weakness in the Skia 2D graphics library (CVE-2026-3909), and an inappropriate implementation vulnerability in the V8 JavaScript and WebAssembly engine (CVE-2026-3910).
And a use-after-free weakness in Dawn (CVE-2026-5281), the underlying cross-platform implementation of the WebGPU standard used by the Chromium project, which Google patched in April.
Last year, Google fixed another eight zero-days exploited in the wild, many of them reported by the company's Threat Analysis Group (TAG), which is known for identifying and tracking zero-day exploits used in spyware attacks.