Google Patches 74 Chrome Vulnerabilities, Including Exploited Zero-Day
Google has issued an emergency update to address 74 vulnerabilities in Chrome, including a high-severity zero-day flaw (CVE-2026-11645) actively exploited in the wild. This marks the fifth Chrome zero-day patched in 2026 before a fix was available.
The security bulletin, released on June 8, includes fixes for 17 critical, 55 high-severity, and two medium-severity vulnerabilities. The patches will roll out gradually over the coming days and weeks for Chrome users on Windows, macOS, and Linux.
CVE-2026-11645, an out-of-bounds read and write vulnerability in Chrome’s V8 JavaScript engine, affects versions prior to 149.0.7827.103. The flaw allows remote attackers to execute arbitrary code within a sandbox via a maliciously crafted HTML page, earning a high-severity rating of 8.8. Google awarded $55,000 to the researcher (identified as 303f06e3) who reported the issue on April 27.
While Google confirmed active exploitation, it withheld further details to prevent additional attacks until most users receive the update. The company also noted that restrictions on bug details may remain if the vulnerability exists in third-party libraries still awaiting fixes.
Source: https://www.infosecurity-magazine.com/news/google-patch-chrome-vulnerability/
Google TPRM report: https://www.rankiteo.com/company/google-chrome
"id": "goo1781000631",
"linkid": "google-chrome",
"type": "Vulnerability",
"date": "6/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Chrome users on Windows, macOS, '
'and Linux',
'industry': 'Technology',
'location': 'Global',
'name': 'Google Chrome',
'type': 'Software'}],
'attack_vector': 'Maliciously crafted HTML page',
'customer_advisories': 'Users advised to update Chrome immediately.',
'date_detected': '2026-04-27',
'date_publicly_disclosed': '2026-06-08',
'description': 'Google has issued an emergency update to address 74 '
'vulnerabilities in Chrome, including a high-severity zero-day '
'flaw (CVE-2026-11645) actively exploited in the wild. This '
'marks the fifth Chrome zero-day patched in 2026 before a fix '
'was available. The security bulletin includes fixes for 17 '
'critical, 55 high-severity, and two medium-severity '
'vulnerabilities. The patches will roll out gradually for '
'Chrome users on Windows, macOS, and Linux.',
'impact': {'operational_impact': 'Remote code execution within a sandbox',
'systems_affected': 'Chrome browser (versions prior to '
'149.0.7827.103)'},
'investigation_status': 'Ongoing (details withheld to prevent additional '
'attacks)',
'post_incident_analysis': {'corrective_actions': 'Patch released; further '
'details may be disclosed '
'later',
'root_causes': 'Out-of-bounds read and write '
'vulnerability in V8 JavaScript '
'engine'},
'recommendations': 'Update Chrome to version 149.0.7827.103 or later to '
'mitigate the vulnerability.',
'references': [{'date_accessed': '2026-06-08',
'source': 'Google Security Bulletin'}],
'response': {'communication_strategy': 'Security bulletin released; details '
'withheld to prevent additional '
'attacks',
'containment_measures': 'Emergency update released (version '
'149.0.7827.103)',
'remediation_measures': 'Patches for 74 vulnerabilities, '
'including the zero-day flaw'},
'title': 'Google Patches 74 Chrome Vulnerabilities, Including Exploited '
'Zero-Day',
'type': 'Zero-Day Vulnerability',
'vulnerability_exploited': 'CVE-2026-11645 (Out-of-bounds read and write in '
'V8 JavaScript engine)'}