CVE-2026-11645 is a high-severity vulnerability in the Google Chrome V8 JavaScript engine.
Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability is an actively exploited in the wild, making this a zero-day vulnerability, with a high-severity rating of CVSS score 8.8.
The vulnerability has also been added to the U.S. Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities (KEV) catalog.
Google Chrome version 149.0.7827.103 and before 149.0.7827.103 are affected.
See more details on: