Advisories 10 June 2026 / 0 Comments

Google Chrome V8 Zero-Day Under Active Exploitation (CVE-2026-11645)

Scope: Google Chrome Prior to 149.0.7827.103 (Windows/macOS) and 149.0.7827.102 (Linux), All Chromium-Based Browsers

Severity: Red

Google released an emergency Chrome update on June 8 and 9, 2026, confirming "an exploit for CVE-2026-11645 exists in the wild," marking the fifth Chrome zero-day exploited in 2026. The flaw is an out-of-bounds read and write in V8, Chrome's JavaScript and WebAssembly engine, allowing a remote attacker to execute arbitrary code inside the browser sandbox simply by directing a victim to a crafted web page with no further user interaction required. Exploitation is particularly accessible given that V8 processes JavaScript from every website a user visits, making any drive-by delivery mechanism viable. All Chromium-based browsers including Edge, Brave, and Opera share the same V8 engine and remain exposed until their respective developers ship aligned builds. Users must update Chrome immediately via chrome://settings/help, enable automatic updates, and avoid clicking unverified links until Chromium-based browsers are confirmed patched.

The Uganda National CERT and Coordination Center (CERT.UG/CC) encourages users and administrators to review the recommendations and apply the necessary updates.

Google Chrome V8 Zero-Day Under Active Exploitation (CVE-2026-11645)

Microsoft Defender "RoguePlanet" Race Condition Zero-Day Grants SYSTEM Privileges on Fully Patched Windows

Recent Advisories

Categories

Contact info

Useful Links

Subscribe to our Mailing List

Google Chrome V8 Zero-Day Under Active Exploitation (CVE-2026-11645)

RELATED ADVISORIES

Microsoft Defender "RoguePlanet" Race Condition Zero-Day Grants SYSTEM Privileges on Fully Patched Windows

Recent Advisories

Categories