Google has released an emergency update to patch 74 Chrome vulnerabilities, including a high-severity flaw that has been exploited in the wild.
This is the fifth Chrome zero-day vulnerability in 2026 that has been exploited before a patch has been made available.
The security bulletin, published on June 8, include fixes for 17 critical vulnerabilities, 55 high-severity ones and tow medium-severity ones.
The security fixes will roll out “over the coming days/weeks” for Chrome users on Windows, Mac and Linux.
$55,000 For Reporting CVE-2026-11645 to Google
Among these, CVE-2026-11645 is an out of bounds read and write vulnerability affecting V8 in Google Chrome versions prior to 149.0.7827.103.
It was reported to Google on April 27 by a security researcher identified by Google as ‘303f06e3,’ who has previously reported Chrome vulnerabilities. They were awarded $55,000 for disclosing it to the Chrome security team.
When exploited, CVE-2026-11645 allows a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. It has been allocated a high-severity rating of 8.8.
Google confirmed it is aware of this flaw being exploited in the wild.
However, it did not provide any additional details about the exploitation evidence.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” the company said in the advisory.
“We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed.”
Image credits: Mijansk786 / Wachiwit / Shutterstock.com
Read now: Patch Responsibility Remains Up for Grabs as AI Unearths Decades of Flaws
