What is CVE-2026-11645?
Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CISA Known Exploited Vulnerability
Google Chromium V8 Out-of-Bounds Read and Write Vulnerability
Affected product
Google Chromium V8
NVD also lists CPE entries for: Google Chrome, Apple Macos, Linux Kernel, Microsoft Windows
Remediation Steps
- Update Google Chrome to version 149.0.7827.103 or later
- Enable automatic updates to receive future security patches promptly
- Check for and remove any suspicious browser extensions
- Clear browser cache and temporary files after patching
References
- https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0153744567.html
- https://issues.chromium.org/issues/506689381
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-11645
- https://nvd.nist.gov/vuln/detail/CVE-2026-11645
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Coverage on defend.network
- Vulnerability Priority Report – Week 2 of June 2026 (June 8 – 14)
🤖 This CVE page is generated by defend.network from NVD, CISA KEV, EPSS, and our verified daily briefings. Severity and exploitation data come from official sources; always verify remediation steps against the official vendor advisory before acting in production.