Google Patches Fifth Chrome Zero-Day of 2026 with CVE-2026-11645 Fix
Summary
Google released Chrome 149, patching 74 vulnerabilities including CVE-2026-11645, a high-severity V8 out-of-bounds read/write flaw that is the fifth Chrome zero-day exploited in 2026. The vulnerability allows remote attackers to execute arbitrary code inside a sandbox via a crafted HTML page. Google paid an anonymous researcher $55,000 for the report, and the flaw may have been chained with a sandbox escape weakness.
Key quotes
CVE-2026-11645 identified as a high-severity V8 out-of-bounds read/write flaw
The flaw enables a remote attacker to execute arbitrary code inside a sandbox through a specially crafted HTML page
Google received the report in late April from an anonymous researcher, assigned identifier 303f06e3
The researcher received $55,000, and CVE-2026-11645 is the fifth exploited Chrome zero-day in 2026