Google Patches 5th Chrome Zero-Day Exploited in 2026
Google Patches 5th Chrome Zero-Day Exploited in 2026
https://www.securityweek.com/google-patches-5th-chrome-zero-day-exploited-in-2026/
Publish Date: 2026-06-09 01:57:40
Source Domain: www.securityweek.com
Chrome 149 Patches 74 Vulnerabilities, Including High-Severity Zero-Day
Google released an urgent security update for Chrome 149, addressing 74 vulnerabilities, one of which is a zero-day actively exploited in attacks. The zero-day, CVE-2026-11645, is a high-severity out-of-bounds read/write issue in the V8 JavaScript engine that could be used to execute arbitrary code within the browser’s sandbox. Though details of the attacks exploiting this flaw are scarce, it has likely been combined with additional vulnerabilities to bypass security measures. Reported by an anonymous researcher in April and awarded $55,000, this vulnerability marks the fifth Chrome zero-day exploited this year. The recent surge in discovered Chrome flaws is attributed to Google’s use of artificial intelligence, although specific tools and models remain undisclosed. Most of the patched vulnerabilities are of critical and high severity and were found by Google itself, prompting it to cut base bug bounties for these types of vulnerabilities.
Key Points:
- Google’s Chrome 149 update fixes 74 vulnerabilities, including a high-severity zero-day.
- The zero-day CVE-2026-11645, an out-of-bounds issue in the V8 engine, is actively being exploited.
- Researchers who responsibly disclosed vulnerabilities are being rewarded; the tip about this zero-day earned $55,000.
- This marks the fifth zero-day exploited in Chrome in 2026.
- Google has seen a significant increase in discovered vulnerabilities, attributing the surge to AI, though specifics are unknown.
