Google has released a new round of security updates for its Chrome browser, addressing a total of 74 security vulnerabilities, including a high-severity zero-day flaw that has reportedly been exploited in real-world attacks.
The most critical issue, identified as CVE-2026-11645, carries a CVSS severity score of 8.8 and affects V8, Chrome’s JavaScript and WebAssembly engine. Security experts have classified the vulnerability as an out-of-bounds memory access flaw, which can potentially be leveraged by attackers to compromise affected systems.
According to the vulnerability details, the security weakness exists in versions of Google Chrome released prior to 149.0.7827.103. The flaw could allow a remote attacker to trigger unauthorized memory read and write operations by directing a target to a specially crafted HTML page.
The vulnerability has already been observed under active exploitation, making it one of the most significant issues addressed in the latest Chrome security release.
Security documentation describes the issue as an out-of-bounds read and write vulnerability within the V8 engine. Such flaws can lead to memory corruption and may provide attackers with a pathway to execute malicious code within the browser’s sandboxed environment.
The vulnerability is particularly concerning because it can be triggered remotely through a malicious webpage, requiring little interaction beyond visiting a compromised or specially designed website. This type of attack can increase the risk to users who have not yet updated their browsers to the latest version.
Google’s latest security update aims to eliminate the risk posed by CVE-2026-11645 while also addressing dozens of additional vulnerabilities discovered across various browser components.
Users and organizations are strongly encouraged to update Chrome immediately to version 149.0.7827.103 or later to protect against potential exploitation attempts.
The disclosure highlights the continuing importance of timely software updates, particularly when vulnerabilities are being actively exploited in the wild. Browser security remains a critical focus area as threat actors increasingly target widely used applications to gain access to user systems and data.
With active exploitation already confirmed, applying the latest Chrome security patches is essential to reduce exposure and maintain system security.
