CVE-2026-11645 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.8 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 23%

Affected Products (NVD)

Vendor	Product	Version
google	chrome	𝑥 < 149.0.7827.103

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

chromium

bookworm	vulnerable
bookworm (security)	vulnerable
bullseye	vulnerable
bullseye (security)	vulnerable
forky	vulnerable
sid	vulnerable
trixie	vulnerable
trixie (security)	vulnerable

Common Weakness Enumeration

CWE-125 - Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.

Vulnerability Media Exposure

[GERMAN] Jetzt aktualisieren: Chrome-Update schließt angegriffene Sicherheitslücke
Das Update für Google Chrome sollten Nutzerinnen und Nutzer rasch installieren, da eine der geschlossenen Lücken angegriffen wird.
Published: 2026-06-09T06:01:00+00:00
[ENGLISH] Google patches new Chrome zero-day flaw exploited in the wild
Google has released emergency updates to patch another Chrome zero-day vulnerability that has been exploited in the wild, the fifth such flaw patched since the start of the year. [...]
Published: 2026-06-09T02:56:27-04:00
[ENGLISH] Chrome's zero-day Whac-A-Mole continues with fifth exploited bug of the year
Google paid researcher a tidy $55K bounty for its discovery
Published: 2026-06-09T14:15:00+02:00
[ENGLISH] Google Releases Patch for Chrome Vulnerability Exploited in the Wild
The flaw, CVE-2026-11645, can allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page
Published: 2026-06-09T10:15:00+00:00
[GERMAN] Ein falscher Klick reicht: Chrome-Nutzer werden über V8-Lücke attackiert
Ein Klick auf einen Link genügt, um in Google Chrome Schadcode zur Ausführung zu bringen. Angreifer machen davon bereits Gebrauch. ( Sicherheitslücke , Google )
Published: 2026-06-09T09:58:10+02:00
[ENGLISH] Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now
Google has released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2026-11645 (CVSS score: 8.8), has been described as an out-of-bounds memory access in V8, Chrome's JavaScript and WebAssembly engine. "Out-of-bounds read and write in V8 in Google Chrome prior to 149.0.7827.103
Published: 2026-06-09T17:28:49+05:30
[GERMAN] Google Chrome: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen in Google Chrome ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsmaßnahmen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen oder andere, nicht näher spezifizierte Angriffe durchzuführen.
Published: 2026-06-08T22:00:00+00:00

References

https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0153744567.html

https://issues.chromium.org/issues/506689381

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-11645