Google has fixed its fifth actively exploited Chrome zero-day of 2026, and this one earned its finder a $55,000 bounty.
The flaw, tracked as CVE-2026-11645, is an out-of-bounds memory access bug in Chrome’s V8 JavaScript engine. Google confirmed that the vulnerability is being exploited in the wild, but has disclosed little beyond the bare technical details.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- A nasty Google Cloud bug could let hackers use it to launch attacks
July 20, 2023
Cybersecurity researchers from Orca Security have uncovered a new bug in the Google Cloud Build service which could allow threat actors to gain almost full access to Google Artifact Registry code repositories. The repercussions of the flaw, the researchers are saying in their report, are quite dire. The researchers named the vulnerability Bad.Build, saying it allows ...
- CISA Releases Cybersecurity Advisory on Threat Actors Exploiting Citrix CVE-2023-3519
July 20, 2023
The Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Advisory (CSA), Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells, to warn organizations about threat actors exploiting CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability affecting NetScaler (formerly Citrix) Application Delivery Controller (ADC) and NetScaler Gateway. In June 2023, threat actors exploited this vulnerability as a ...
- Comprehensive analysis of initial attack samples exploiting CVE-2023-23397 vulnerability
July 19, 2023
On March 14, 2023, Microsoft published a blogpost describing an Outlook Client Elevation of Privilege Vulnerability (CVSS: 9.8 CRITICAL). The publication generated a lot of activity among white, grey and black hat researchers, as well as lots of publications and tweets about the vulnerability and its exploitation. In this post Kaspersky researchers highlight the key points ...
- DDoS Botnets Target Zyxel Vulnerability CVE-2023-28771
July 19, 2023
In June 2023, FortiGuard Labs detected the propagation of several DDoS botnets exploiting the Zyxel vulnerability (CVE-2023-28771). This vulnerability is characterized by a command injection flaw affecting multiple firewall models that could potentially allow an unauthorized attacker to execute arbitrary code by sending a specifically crafted packet to the targeted device. The severity of this flaw, ...
- Victims of Cyberattack on File-Transfer Tool Pile Up
July 19, 2023
The list of companies hit by a cyberattack on a widely used software tool continues to expand and several victims have filed lawsuits alleging mishandling of data. The continued disclosure of new victims affected by hackers exploiting a vulnerability in MoveIt, a common file-transfer tool from Progress Software, underscores how cyberattacks can ripple through supply chains. ...
- Escalating Privileges via Third-Party Windows Installers
July 19, 2023
Picture this: you’ve finally made it past the perimeter of a highly secured organization. You’re feeling pretty pleased with yourself, until you realize you only have Active Directory privileges of a newly hired intern and the thrill trickles away. However, with some crafty tricks and a bit of luck, you just might be able to ...