Google patches actively exploited Chrome V8 zero-day.
Google released emergency Chrome updates for CVE-2026-11645, a high-severity V8 JavaScript engine vulnerability exploited in the wild. BleepingComputer reported that this was the fifth Chrome zero-day patched by Google in 2026. The flaw is an out-of-bounds read/write issue that can be triggered through crafted HTML pages and may allow code execution inside the browser sandbox. Patched Chrome 149 builds were released for Windows, macOS, and Linux.