Google has confirmed the existence of a working exploit and urged to immediately install an update.
Google has released an emergency Chrome update for Windows, macOS and Linux. In the browser closed immediately 74 vulnerabilities, and one of them is already used in real attacks. The new stable version of Chrome received numbers 149.0.0727.102 and 149.0.7827.103 for Windows and macOS, as well as 149.0.7827.102 for Linux. The update will be distributed gradually over the coming days and weeks.
The main problem is the vulnerability CVE-2026-11645 (CVS:3.1/AV:N/AV:C/C/C/C/H:H/H:H/H:H:H:H – 8.8 High) in the V8 engine, which is responsible for the execution of JavaScript. The error allows you to go beyond the permissible area of memory. Google has assigned vulnerabilities a high level of danger and confirmed that it already has a working malicious code that attackers use.
For the fact that he discovered CVE-2026-11645, a specialist under the pseudonym 303f06e3 received an award of $ 55 000. Google has not yet disclosed details so as not to facilitate the attack until most users set the update.
The latest version of Chrome also fixed 17 critical vulnerabilities. Most is related to the fact that the code turns to the already released memory. Such errors were found in the components of Ozone, File Input, Aura, TabStrip, Bluetooth, Gamepad, Autofill, Views, Printing, Compositing, Web Apps and Proxy. Another critical vulnerability is the integer overflow in the library libyov.
In addition, Google has closed dozens of high-level hazard vulnerabilities in V8, network, extensions, service employees, multimedia processing, PDF, GPU, WebRTC, Skia, Dawn, passwords, new tab, guest mode, interface and other parts of the browser.
The company advises users not to postpone the update. Chrome usually installs new versions automatically, but the check can be started manually through the “About Chrome browser” partition in the settings. After downloading the update, the browser must restart.
Google has released an emergency Chrome update for Windows, macOS and Linux. In the browser closed immediately 74 vulnerabilities, and one of them is already used in real attacks. The new stable version of Chrome received numbers 149.0.0727.102 and 149.0.7827.103 for Windows and macOS, as well as 149.0.7827.102 for Linux. The update will be distributed gradually over the coming days and weeks.
The main problem is the vulnerability CVE-2026-11645 (CVS:3.1/AV:N/AV:C/C/C/C/H:H/H:H/H:H:H:H – 8.8 High) in the V8 engine, which is responsible for the execution of JavaScript. The error allows you to go beyond the permissible area of memory. Google has assigned vulnerabilities a high level of danger and confirmed that it already has a working malicious code that attackers use.
For the fact that he discovered CVE-2026-11645, a specialist under the pseudonym 303f06e3 received an award of $ 55 000. Google has not yet disclosed details so as not to facilitate the attack until most users set the update.
The latest version of Chrome also fixed 17 critical vulnerabilities. Most is related to the fact that the code turns to the already released memory. Such errors were found in the components of Ozone, File Input, Aura, TabStrip, Bluetooth, Gamepad, Autofill, Views, Printing, Compositing, Web Apps and Proxy. Another critical vulnerability is the integer overflow in the library libyov.
In addition, Google has closed dozens of high-level hazard vulnerabilities in V8, network, extensions, service employees, multimedia processing, PDF, GPU, WebRTC, Skia, Dawn, passwords, new tab, guest mode, interface and other parts of the browser.
The company advises users not to postpone the update. Chrome usually installs new versions automatically, but the check can be started manually through the “About Chrome browser” partition in the settings. After downloading the update, the browser must restart.
