Google has released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild.
The high-severity vulnerability, tracked as CVE-2026-11645 (CVSS score: 8.8), has been described as an out-of-bounds memory access in V8, Chrome’s JavaScript and WebAssembly engine.
“Out-of-bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page,” reads a description of the flaw in NIST’s National Vulnerability Database (NVD).
A security researcher named “303f06e3” has been credited with discovering and reporting the flaw on April 27, 2026. The researcher has been awarded a bug bounty of $55,000 for responsible disclosure.
As is customary in these situations, Google acknowledged that an “exploit for CVE-2026-11645 exists in the wild,” but stopped short of sharing more specifics to ensure that a majority of users are updated with a fix and to prevent further exploitation.
With the latest development, Google has addressed a total of five actively exploited Chrome zero-days since the start of the year. This includes CVE-2026-2441, CVE-2026-3909, CVE-2026-3910, and CVE-2026-5281.
For optimal protection, users are advised to update their Chrome browser to versions 149.0.7827.102/.103 for Windows and Apple macOS, and 149.0.7827.102 for Linux. To make sure the latest updates are installed, users can navigate to More > Help > About Google Chrome and select Relaunch.
Users of other Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi, are also advised to apply the fixes as and when they become available.










