Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now

Google has released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2026-11645 (CVSS score: 8.8), has been described as an out-of-bounds memory access in V8, Chrome's JavaScript and WebAssembly engine. "Out-of-bounds read and write in V8 in Google Chrome prior to 149.0.7827.103

The article reports that Google patched 74 Chrome vulnerabilities, including CVE-2026-11645, a high-severity out-of-bounds memory access bug in the V8 JavaScript/WebAssembly engine that is already being exploited in the wild.[1][2] This flaw can enable remote code execution via a maliciously crafted HTML page, and users are urged to update Chrome to versions after 149.0.7827.103.[1] From a CyberSE.AI perspective, while this is not an AI-specific bug, it directly affects the software supply chain of any AI agents, extensions, or web-based AI tools that rely on Chrome or embedded Chromium engines. Organizations should treat browser and runtime patching as a core AI supply chain control, ensuring SBOM-driven dependency tracking and integrating urgent browser patch rollouts into their AI Security Readiness and hardening processes.