// #v8

2 articles

Google has released Chrome 149.0.7762.95 patching CVE-2026-11645, an out-of-bounds write in the V8 JavaScript engine that was actively exploited before disclosure. CISA has added the flaw to the Known Exploited Vulnerabilities catalogue. All users and enterprise deployments should update immediately — CISA's federal deadline is 30 June.

Jun 9, 2026 #chrome +8

💻 AppSec

Google Patches Two Actively Exploited Chrome Zero-Days — CISA Orders Federal Agencies to Update by 27 March

Google released an emergency Chrome update on 13 March addressing two zero-day vulnerabilities — an out-of-bounds write in Skia and a V8 sandbox escape — both confirmed as exploited in the wild. CISA added both to the Known Exploited Vulnerabilities catalogue the same day with a 27 March federal remediation deadline.

Mar 22, 2026 #zero-day +7

Google Chrome Zero-Day CVE-2026-11645: V8 Out-of-Bounds Write Actively Exploited Before Patch

Google Patches Two Actively Exploited Chrome Zero-Days — CISA Orders Federal Agencies to Update by 27 March