CVE-2026-11645: Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute...

Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CISA Known Exploited Vulnerability

This vulnerability is on CISA's Known Exploited Vulnerabilities catalog, meaning it has been confirmed exploited in the wild. Federal agencies are required to patch by 2026-06-23.

Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Ghostwire Analysis — What This Means Practically

Medium CVSS score indicates moderate risk — exploitation requires specific conditions or results in limited impact.
Exploit code is reported to be available, increasing the likelihood of active exploitation.
4 articles from independent security sources have covered this vulnerability, indicating significant industry attention.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

CVE-2026-11645: Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute...

Description

CISA Known Exploited Vulnerability

Ghostwire Analysis — What This Means Practically

Security Coverage (4 articles)

References