Google Chrome V8 Zero-Day Vulnerability (CVE-2026-11645)Empowering

Google Chrome V8 Zero-Day Vulnerability (CVE-2026-11645)
You are here:

EXECUTIVE SUMMARY

Google has disclosed CVE-2026-11645, a high-severity zero-day vulnerability in the V8 JavaScript and WebAssembly engine used by Google Chrome. Google has confirmed that the vulnerability is being actively exploited in the wild. The flaw is an out-of-bounds read/write memory corruption issue that could allow a remote attacker to execute arbitrary code within Chrome’s sandbox by persuading a user to visit a specially crafted HTML page. Successful exploitation could lead to unauthorized code execution and further compromise of the affected system.

  • CVE ID: CVE-2026-11645
  • CVSS: 8.8
  • Threat Type: Out-of-Bounds Read/Write Memory Corruption (Chrome V8 Zero-Day)
  • Active Region: Global
  • Affected Sector: Cross sector
  • Affected Product: Google Chrome versions prior to 149.0.7827.103 (macOS) and 149.0.7827.102 (Windows/Linux)
  • Severity: High
  • Published Date: June 08, 2026

TECHNICAL DETAILS

The vulnerability arises from improper memory boundary validation, allowing memory to be accessed outside the intended bounds of an allocated object or buffer. A remote attacker may exploit the flaw by convincing a user to visit a specially crafted HTML page containing malicious web content. Successful exploitation can result in memory corruption and may enable arbitrary code execution within Chrome’s sandboxed renderer process.

  • Target: The vulnerability affects all desktop versions of Google Chrome (Windows, macOS, and Linux) prior to 149.0.7827.103, as well as other Chromium-based browsers using the vulnerable V8 JavaScript engine and have not yet applied the corresponding security updates.
  • Root Cause: Improper bounds validation within the V8 JavaScript engine, leading to out-of-bounds memory access. Technical details regarding the underlying flaw have not been publicly disclosed by Google to prevent further exploitation.
  • Prerequisite For Exploitation: User interaction required (the victim must visit or be redirected to a specially crafted HTML page containing malicious web content that……

Download the Report

Date

Share

Previous Reports