AI Search
Activate subscription >
Add devices or upgrade >
Renew subscription >
Secure Hub >
Don’t have an account?
Sign up >
< Products
< Resources
< Help
Google has issued updates for the Chrome browser, patching a number of high‑severity vulnerabilities.
The update includes fixes for 74 vulnerabilities, including one that is being actively exploited in the wild.
The stable channel has been updated to 149.0.7827.102/.103 for Windows/Mac, and 149.0.7827.102 for Linux, which will roll out over the coming weeks.
If you don’t want to wait for the rollout to reach you, manually updating is easy.
The easiest option is to allow Chrome to update automatically. But you can end up lagging behind on updates if you never close your browser or if something goes wrong, such as an extension preventing the update.
To update manually, click the More menu (three dots), then go to Settings > About Chrome. If an update is available, Chrome will start downloading it automatically. Restart Chrome to complete the update, and you’ll be protected against these vulnerabilities.
You can also find step-by-step instructions in our guide to how to update Chrome on every operating system.
The vulnerability that Google says is being exploited in the wild is tracked as CVE-2026-11645.
Google describes it as:
“Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.”
This means this flaw was found in Chrome’s V8 engine—the part of Chrome (and other Chromium-based browsers) that runs JavaScript.
Such a flaw allows a program to read or write outside the memory boundaries it is supposed to use, enabling attackers to manipulate other areas of memory allocated to more critical functions. Attackers may be able to place malicious code in memory and trick the system into running it.
In this case, the vulnerability could be triggered when V8 processes specially crafted HTML content, such as a malicious website.
The phrase “inside a sandbox” means the malicious code would run in a restricted, sealed-off environment rather than directly on your whole computer. An attacker’s code is constrained to the browser, which lowers the impact compared with code running outside the sandbox. However, attackers often chain multiple vulnerabilities together to achieve more serious compromises. So, the phrase is a security limiter, not a reassurance that the bug is harmless.
The update also includes some new features, like the ability to sign PDF forms without using an extension.
Stop threats before they can do any harm.
Malwarebytes Browser Guard blocks phishing pages and malicious sites automatically. Free, one click to install. Add it to your browser →
SHARE THIS ARTICLE
Pieter Arntz 
Malware Intelligence Researcher
Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.
Deepfakes, voice cloning, and other AI-powered scams cost Americans nearly $900 million in 2025, says the 2025 FBI Internet Crime Report.
Cybercriminals are hiding malware in cracked and repacked games, infecting more than 400,000 devices worldwide.
A list of topics we covered in the week of June 1 to June 7 of 2026
Update Chrome now: Critical bugs could let attackers run code
Microsoft Defender vulnerabilities are being exploited in the wild
Firefox 151 packs big privacy upgrades into a small update
By submitting this form, you consent to Malwarebytes contacting you regarding products and services and using your personal data as described in our Terms of Service and Privacy Policy.
Contributors
Threat Center
Podcast
Glossary
Scams
Malwarebytes – all-in-one cybersecurity protection always by your side.
COMPUTER SECURITY
MOBILE SECURITY
PRIVACY PROTECTION
IDENTITY PROTECTION
LEARN ABOUT CYBERSECURITY
PARTNER WITH MALWAREBYTES
ADDRESS
One Albert Quay
2nd Floor
Cork T12 X8N6
Ireland
2445 Augustine Drive
Suite 550
Santa Clara, CA
USA, 95054
ABOUT MALWAREBYTES
WHY US
GET HELP
Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.
By submitting this form, you consent to Malwarebytes contacting you regarding products and services and using your personal data as described in our Terms of Service and Privacy Policy.
© 2026 All Rights Reserved
