8.8

CVE-2026-11645

Warnung
Medienbericht
Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleChrome Version < 149.0.7827.103
   ApplemacOS Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login

09.06.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog

Google Chromium V8 Out-of-Bounds Read and Write Vulnerability

Schwachstelle

Google Chromium V8 out-of-bounds read and write vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Beschreibung

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.65% 0.735
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
15.06.2026 17:02
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
10.06.2026 17:43
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
09.06.2026 14:56
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
09.06.2026 09:11
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
09.06.2026 08:26
https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0153744567.html
Vendor Advisory
Release Notes
https://issues.chromium.org/issues/506689381
Permissions Required
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-11645
US Government Resource