Google has released an emergency security update for Chrome after confirming that a newly patched zero-day vulnerability has already been exploited in real-world attacks.
The vulnerability, tracked as CVE-2026-11645, affects Chrome’s V8 JavaScript engine, a core component used to process JavaScript code inside the browser. Google has now patched the issue across Windows, macOS, and Linux versions of Chrome.
Chrome Zero-Day Vulnerability Patched in Emergency Update
According to Google’s latest Chrome Stable Channel update, the company is aware that an exploit for CVE-2026-11645 exists in the wild. This means attackers have already found a way to abuse the flaw before all users received a security fix.
The patched Chrome versions are:
Windows: 149.0.7827.102
Mac: 149.0.7827.102 / 149.0.7827.103
Linux: 149.0.7827.102
Google says the update will roll out to users over the coming days or weeks. However, users do not need to wait for the automatic rollout and should manually check for updates as soon as possible.
What Is CVE-2026-11645?
CVE-2026-11645 is a high-severity out-of-bounds memory access vulnerability in Chrome’s V8 engine.
In simple terms, this type of flaw can allow attackers to access memory areas they should not be able to reach. When exploited successfully, it may lead to browser crashes, exposure of sensitive information, or help attackers move closer to running malicious code.
Because V8 handles JavaScript and WebAssembly, vulnerabilities in this engine are especially serious. Attackers can potentially trigger exploitation by convincing a user to visit a specially crafted webpage.
Fifth Chrome Zero-Day Patched This Year
This is reportedly the fifth Chrome zero-day vulnerability patched by Google in 2026. Earlier this year, Google also fixed actively exploited Chrome flaws affecting components such as CSSFontFeatureValuesMap, Skia, V8, and Dawn.
The repeated discovery of Chrome zero-days shows why keeping browsers updated is one of the simplest and most important cybersecurity habits for everyday users and organizations.
How to Update Google Chrome Now
To update Chrome manually:
Open Google Chrome
Click the three-dot menu in the top-right corner
Go to Help
Select About Google Chrome
Allow Chrome to check for updates
Relaunch the browser to finish installing the update
Chrome normally updates automatically, but manually checking ensures you receive the patch as soon as possible.
Why This Update Matters
Zero-day vulnerabilities are dangerous because attackers can exploit them before users or security teams have time to defend against them. In this case, Google has confirmed that CVE-2026-11645 is already being used in attacks.
Anyone using Chrome on desktop should update immediately. Businesses should also make sure managed devices receive the latest Chrome version as quickly as possible.
Final Thoughts
Google’s latest emergency Chrome update fixes a serious zero-day vulnerability in the V8 engine that has already been exploited in the wild. Since Chrome is one of the most widely used browsers in the world, users should treat this update as urgent.
Keeping Chrome updated is the best way to stay protected from known browser-based attacks.