Google has fixed its fifth actively exploited Chrome zero-day of 2026, and this one earned its finder a $55,000 bounty.
The flaw, tracked as CVE-2026-11645, is an out-of-bounds memory access bug in Chrome’s V8 JavaScript engine. Google confirmed that the vulnerability is being exploited in the wild, but has disclosed little beyond the bare technical details.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Windows EFS Feature May Help Ransomware Attackers
January 21, 2020
Security researchers have created concept ransomware that takes advantage of a feature in Windows that encrypts files and folders to protect them from unauthorized physical access to the computer. The lab-developed ransomware strain relies on the Encrypting File System (EFS) component in Microsoft’s operating system and can run undetected by some antivirus software. EFS allows users to ...
- FBI Says State Actors Hacked US Govt Network With Pulse VPN Flaw
January 17, 2020
FBI said in a flash security alert that nation-state actors have breached the networks of a US municipal government and a US financial entity by exploiting a critical vulnerability affecting Pulse Secure VPN servers. The US Cybersecurity and Infrastructure Security Agency (CISA) previously alerted organizations on January 10 to patch their Pulse Secure VPN servers against ongoing attacks trying to exploit the ...
- Microsoft Releases Advisory on Zero-Day Vulnerability CVE-2020-0674, Workaround Provided
January 17, 2020
On January 17, Microsoft published an advisory (ADV200001) warning users about CVE-2020-0674, a remote code execution (RCE) vulnerability involving Microsoft’s Internet Explorer (IE) web browser. A patch has not yet been released as of the time of writing — however, Microsoft has acknowledged that it is aware of limited targeted attacks exploiting the flaw. All ...
- Exploit Fully Breaks SHA-1, Lowers the Attack Bar
January 9, 2020
A proof-of-concept attack has been pioneered that “fully and practically” breaks the Secure Hash Algorithm 1 (SHA-1) code-signing encryption, used by legacy computers to sign the certificates that authenticate software downloads and prevent man-in-the-middle tampering. The exploit was developed by Gaëtan Leurent and Thomas Peyrin, academic researchers at Inria France and Nanyang Technological University/Temasek Laboratories in Singapore. They ...
- First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group
January 6, 2020
Trend Micro found three malicious apps in the Google Play Store that work together to compromise a victim’s device and collect user information. One of these apps, called Camero, exploits CVE-2019-2215, a vulnerability that exists in Binder (the main Inter-Process Communication system in Android). This is the first known active attack in the wild that ...
- 3 Critical Bugs Allow Remote Attacks on Cisco NX-OS and Switches
January 3, 2020
Cisco Systems has issued patches for three critical vulnerabilities impacting a key tool for managing its network platform and switches. The bugs could allow an unauthenticated, remote attacker to bypass endpoint authentication and execute arbitrary actions with administrative privileges on targeted devices, the vendor said. the networking giant disclosed the critical flaws on Thursday; all three ...