Chrome Users Need To Update Now As Google Patches Another Active Zero-Day
CVE-2026-11645 was reported to Google two weeks ago and relates to a Chrome V8 JavaScript engine vulnerability that allows attackers to exploit an out-of-bounds memory error to execute arbitrary code within the browser. This allows attackers to access data outside of intended memory bounds, and Google confirms that the exploit has been used for real-world attacks.
For those who want to make sure they receive the update as soon as possible, just open up the triple-dot Settings menu on Chrome, go to the "Help" dropdown, and click "About Google Chrome." Doing this will open up the page screenshotted below, at which point the latest available Chrome update will be automatically downloaded to your system and applied after a restart.

As highlighted by Bleeping Computer, this is the fifth zero-day Chrome exploit Google has addressed since the beginning of the year.
Other issues included CVE-2026-2441, which exploited Chrome's CSS font feature values, and CVE-2026-5281, which exploited Chrome's WebGPU implementation. One other zero-day, CVE-2026-3909 was also an out-of-bounds vulnerability, but for writes in the Skia 2D graphics library. CVE-2026-3910 related to an implementation vulnerability in V8 JavaScript and WebAssembly.
Cybersecurity has been front and center in the news lately. AI has accelerated both the development of new threats and the discovery of more vulnerabilities.
Of the 74 security fixes included in the new Chrome update, 17 CVEs were rated "Critical", 56 were rated "High", and only 2 were rated "Medium." While it's good that Google seems to be staying on top of these (and even lists the tools it used to find many of them,) it is a little off-putting to see just how many exploits are continuously being discovered in software as pervasive as Chrome. Hopefully, users will remain mindful of consistent security patches and good practices as we move further into the AI-assisted era of cybersecurity and cyber attacks.