Google has released a security update to address a critical vulnerability in Chrome’s V8 engine, which has been actively exploited. The update targets 74 vulnerabilities, including a notable zero-day flaw, CVE-2026-11645, with a CVSS score of 8.8. This vulnerability allows remote attackers to execute arbitrary code through a specially crafted HTML page. Discovered by a researcher known as “303f06e3” on April 27, 2026, the flaw earned a $55,000 bug bounty from Google. The company has confirmed the presence of an active exploit but withheld further details to protect users. Users are advised to update Chrome to the latest versions: 149.0.7827.102 or 149.0.7827.103 for Windows and macOS, and 149.0.7827.102 for Linux. Updates can be accessed via the browser’s Help menu. Additionally, users of other Chromium-based browsers like Microsoft Edge, Brave, Opera, and Vivaldi should also update to reduce vulnerability risks.
Has Google released a security patch for a critical Chrome vulnerability?
