CVE-2026-11645

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103

Description An out-of-bounds read and write issue exists in V8, the JavaScript engine used by Google Chrome. This flaw allows a remote attacker to execute arbitrary code inside the browser sandbox by enticing a user to visit a specially crafted HTML page. The issue can also be used to bypass security mechanisms such as ASLR (Address Space Layout Randomization), which is a technique used to prevent exploitation by randomly arranging the address space positions of key data areas of a process. This flaw has been actively exploited in the wild.

Recommendations Update Google Chrome to version 149.0.7827.103 or later. After installing the update, fully restart the browser to activate the patched version.