Google has launched an emergency security update for Chrome to address CVE-2026-11645, a critical zero-day vulnerability currently being exploited in the wild. The flaw stems from an out-of-bounds memory access error within the V8 JavaScript engine. This specific weakness allows attackers to read or write data beyond the memory buffer's boundaries, potentially exposing sensitive information or executing arbitrary code through specially crafted HTML pages.
Users should immediately verify their browser version and update to the following builds to mitigate risk:
- Windows and Linux: version 149.0.7827.102
- macOS: version 149.0.7827.103
While the exploit operates within the browser's sandbox, its ability to bypass memory protections makes it a high-priority threat. This marks another instance of the V8 engine being targeted due to its complexity and central role in processing web content across millions of devices globally.
