ctipilot.ch

Google Chrome V8 OOB read/write, exploited ITW, CISA KEV; fixed 149.0.7827.103

cve · CVE-2026-11645

Coverage timeline
1
first 2026-06-10 → last 2026-06-10
Briefs
1
1 distinct
Sources cited
97
42 hosts
Sections touched
1
trending_vulns
Co-occurring entities
2
see Related entities below

Story timeline

  1. 2026-06-10CTI Daily Brief — 2026-06-10
    trending_vulnsFirst coverage. KEV-added 2026-06-09; affects Chromium browsers (Edge/Opera).

Where this entity is cited

  • trending_vulns1

Source distribution

  • attack.mitre.org21 (22%)
  • cloud.google.com11 (11%)
  • thehackernews.com7 (7%)
  • bleepingcomputer.com5 (5%)
  • helpnetsecurity.com4 (4%)
  • securityweek.com4 (4%)
  • chromereleases.googleblog.com2 (2%)
  • aikido.dev2 (2%)
  • other41 (42%)

Related entities

External references

NVD · cve.org · CISA KEV

All cited sources (97)

Items in briefs about Google Chrome V8 OOB read/write, exploited ITW, CISA KEV; fixed 149.0.7827.103 (1)

CVE-2026-11645 — Google Chrome V8 out-of-bounds read/write exploited in the wild, added to CISA KEV

From CTI Daily Brief — 2026-06-10 · published 2026-06-10 · view item permalink →

Google patched CVE-2026-11645 (CVSS 8.8), an out-of-bounds read and write in the V8 engine, in Chrome 149.0.7827.103; a crafted HTML page achieves code execution inside the renderer sandbox (Chrome, 2026-06-08). The bug was exploited in the wild before patching and CISA added it to the KEV catalog on 9 June; per the Chrome advisory it affects Chromium-based browsers including Edge and Opera (Chrome, 2026-06-08). The KEV listing is the operational signal here — confirmed active exploitation of a one-click browser bug (T1189, T1203). Update Chrome/Edge/Opera to 149.0.7827.103+ across the estate.