{"uuid": "b8838529-7869-4a26-9c4f-79c3a854f894", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-11645", "type": "seen", "source": "https://gist.github.com/alon710/c2056049c388c5ac395f953c312585f2", "content": "# CVE-2026-11645: CVE-2026-11645: Out-of-Bounds Memory Access in Google Chrome V8 Engine\n\n> **CVSS Score:** 8.8\n> **Published:** 2026-06-08\n> **Full Report:** https://cvereports.com/reports/CVE-2026-11645\n\n## Summary\nA high-severity memory corruption vulnerability exists in the V8 JavaScript engine of Google Chrome before versions 149.0.7827.102/103. The flaw arises from an incorrect bounds-check elimination during JIT compilation by the TurboFan optimizer, allowing remote attackers to achieve out-of-bounds read and write access inside the sandboxed renderer process.\n\n## TL;DR\nAn out-of-bounds read and write vulnerability in Google Chrome's V8 engine allows remote attackers to execute arbitrary code within the sandboxed renderer process via crafted JavaScript.\n\n## Technical Details\n\n- **CWE ID**: CWE-125, CWE-787\n- **Attack Vector**: Network (AV:N)\n- **CVSS Score**: 8.8\n- **Exploit Status**: Proof of Concept / Restricted\n- **CISA KEV Status**: Not Listed\n\n## Affected Systems\n\n- Google Chrome\n- Microsoft Edge\n- Any Chromium-based browser utilizing the V8 JavaScript engine\n- **Google Chrome**: < 149.0.7827.102 (Fixed in: `149.0.7827.102`)\n\n## Mitigation\n\n- Enforce browser auto-updates across the enterprise\n- Deploy strict endpoint process monitoring\n- Utilize Network Intrusion Detection Systems to monitor for known exploitation behavior\n\n**Remediation Steps:**\n1. Verify Google Chrome version is 149.0.7827.103 or higher (Windows/macOS) or 149.0.7827.102 (Linux)\n2. Force browser restart to apply pending updates\n3. Implement endpoint detection rules to monitor Chrome subprocess behavior\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-11645) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-09T13:21:27.000000Z"}