// #cve-2026-11645
3 articles
Managing Chrome V8 Zero-Days in Enterprise Fleets: Browser Asset Inventory and Rapid Update Strategies
CVE-2026-11645's active exploitation before the patch highlights a persistent gap in enterprise browser management: many organisations do not maintain accurate browser version inventories or have the ability to push browser updates faster than the standard monthly patch cycle. This guide covers Chrome fleet management, version enforcement, and emergency update deployment.
Google Chrome Zero-Day CVE-2026-11645: V8 Out-of-Bounds Write Actively Exploited Before Patch
Google has released Chrome 149.0.7762.95 patching CVE-2026-11645, an out-of-bounds write in the V8 JavaScript engine that was actively exploited before disclosure. CISA has added the flaw to the Known Exploited Vulnerabilities catalogue. All users and enterprise deployments should update immediately — CISA's federal deadline is 30 June.
CISA Adds Chrome V8 Zero-Day, Cisco SD-WAN, and Arista EOS to Known Exploited Vulnerabilities Catalogue
CISA added three vulnerabilities to the KEV catalogue on 9 June: Google Chrome CVE-2026-11645 (V8 out-of-bounds write, actively exploited), Cisco SD-WAN CVE-2026-20245 (authentication bypass), and Arista EOS CVE-2026-7473 (privilege escalation command injection). Federal agencies face a 30 June remediation deadline across all three.