Google patches Chrome zero-day CVE-2026-11645 exploited in wild

Google fixed a high-severity Chrome V8 zero-day, CVE-2026-11645, with an exploit already active. The out-of-bounds memory bug allows remote code execution via crafted HTML. Patches for version 149.0.7827.102/.103 are live on Windows, Mac, and Linux. Researcher 303f06e3 received a $55,000 bug bounty for the discovery.