Google Releases Patch for Chrome Vulnerability Exploited in the Wild
The flaw, CVE-2026-11645, can allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page
Stay updated with the latest Chrome security features, vulnerabilities, and updates to safeguard your information online.
Search across headline titles and summaries.
Background for this topic.
Chrome is a web browser that processes and displays web content, executing complex web applications through its rendering engine and JavaScript runtime. Its architecture includes sandboxing techniques to isolate web pages and extensions, limiting their ability to affect the underlying system. Chrome’s extension framework allows third-party add-ons, which can introduce security risks if they request excessive permissions or contain malicious code.
Security concerns focus on vulnerabilities in Chrome’s engine or sandbox that could enable remote code execution or privilege escalation. Malicious or compromised extensions may access sensitive data or inject harmful scripts, making permission management critical. Timely patching of browser updates and monitoring for zero-day exploits are essential to maintain security, while features like site isolation help contain attacks originating from compromised web content or extensions. Understanding these aspects is key for protecting users from browser-based threats.
Weekly headline count for the current query.
The flaw, CVE-2026-11645, can allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page
A Bugcrowd researcher has unveiled ExploitBench, an independent benchmark of AI models for vulnerability exploitation
Ontinue uncovers fake Claude Code installer pushing PowerShell stealer abusing Chrome's IElevator2
108 malicious Chrome extensions steal sessions, Google data, inject ads via single C2 infrastructure
Chrome’s Device Bound Session Credentials is designed to block infostealers from harvesting session cookie
Expel has warned of malicious Chrome extensions stealing users’ AI conversations
ShieldGuard Chrome extension posed as a crypto security tool but stole wallets and drained user data
Google Chrome initiates quantum-resistant measures via Merkle Tree Certificates to secure HTTPS
A high severity vulnerability in Google Chrome and allows remote attackers to execute code
Hundreds of thousands of users have downloaded malicious AI extensions masquerading as ChatGPT, Gemini, Grok and others, warn cybersecurity researchers at LayerX
Users of widely used HR and ERP platforms targeted with malicious extensions which were available in the Chrome Web Store
Google has released a Chrome security update to fix three zero-day vulnerabilities, including a high-severity flaw with an active exploit
Infected 4.3 million Chrome and Edge users via extensions; ShadyPanda exploited browser marketplaces
Google Chrome will enhance security with enforced HTTPS connections from version 154, set for release in October 2026
A zero-day flaw in Chrome has been exploited by Mem3nt0 mori in Operation ForumTroll as part of a targeted espionage campaign
Researchers detected that FreeVPN.One, a longstanding Chrome Web Store VPN extension, recently turned into spyware
Researchers from Koi Security have detected 18 malicious Chrome and Edge extensions masquerading as benign productivity and entertainment tools
Google has patched a critical type confusion vulnerability in Chrome, the fourth zero-day fix in 2025
The tech giant plans to leverage its Gemini Nano LLM on-device to enhance scam detection on Chrome
Researchers have found a Chrome extension that can act on the user’s behalf by using a popular AI agent orchestration protocol