**Google** has rolled out significant security updates for **Chrome**, tackling a total of 74 vulnerabilities. Of particular concern is a high-severity flaw, **CVE-2026-11645**, which has been confirmed to be under active exploitation. ## The Zero-Day Vulnerability: CVE-2026-11645 This critical vulnerability, assigned a **CVSS score of 8.8**, is characterized as an out-of-bounds memory access issue within **V8**, Chrome's JavaScript and WebAssembly engine. The **NIST National Vulnerability Database (NVD)** describes the flaw as allowing "a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page" in **Google Chrome** versions prior to 149.0.7827.103. Security researcher "303f06e3" is credited with discovering and responsibly reporting the flaw on April 27, 2026, receiving a $55,000 bug bounty for their efforts. ## Active Exploitation Confirmed **Google** has acknowledged the existence of an exploit for **CVE-2026-11645** in the wild. As is standard practice to mitigate further risk, the company has refrained from releasing specific details about the exploitation to allow a broader user base to apply the necessary fixes. This latest incident marks the fifth actively exploited **Chrome** zero-day addressed by **Google** since the beginning of the year. Previous zero-days include **CVE-2026-2441**, **CVE-2026-3909**, **CVE-2026-3910**, and **CVE-2026-5281**. ## Urgent Action Required for Users To ensure optimal protection, users are strongly advised to update their **Chrome** browsers to versions **149.0.7827.102/.103** for Windows and **Apple macOS**, and **149.0.7827.102** for Linux. Users can verify their update status by navigating to `More > Help > About Google Chrome` and selecting `Relaunch`. Users of other Chromium-based browsers, such as **Microsoft Edge**, **Brave**, **Opera**, and **Vivaldi**, should also remain vigilant and apply updates as soon as they become available from their respective vendors.