Google has fixed its fifth actively exploited Chrome zero-day of 2026, and this one earned its finder a $55,000 bounty.
The flaw, tracked as CVE-2026-11645, is an out-of-bounds memory access bug in Chrome’s V8 JavaScript engine. Google confirmed that the vulnerability is being exploited in the wild, but has disclosed little beyond the bare technical details.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Huawei Router Vulnerability Used to Spread Mirai Variant
December 22, 2017
Researchers have identified a vulnerability in a Huawei home router model that is being exploited by an adversary to spread a variant of the Mirai malware called Okiku, also known as Satori. Researchers at Check Point published a report Thursday, and said the flaw is in Huawei’s router model HG532. It said it is tracking hundreds ...
- We need to talk about mathematical backdoors in encryption algorithms
December 15, 2017
Security researchers regularly set out to find implementation problems in cryptographic algorithms, but not enough effort is going towards the search for mathematical backdoors, two cryptography professors have argued. Governments and intelligence agencies strive to control and bypass or circumvent cryptographic protection of data and communications. Backdooring encryption algorithms is considered as the best way to ...
- Pre-Installed Password Manager On Windows 10 Lets Hackers Steal All Your Passwords
December 15, 2017
If you are running Windows 10 on your PC, then there are chances that your computer contains a pre-installed 3rd-party password manager app that lets attackers steal all your credentials remotely. Starting from Windows 10 Anniversary Update (Version 1607), Microsoft added a new feature called Content Delivery Manager that silently installs new “suggested apps” without asking for users’ ...
- 19-Year-Old TLS Vulnerability Weakens Modern Website Crypto
December 13, 2017
A vulnerability called ROBOT, first identified in 1998, has resurfaced. Impacted are leading websites ranging from Facebook to Paypal, which are vulnerable to attackers that could decrypt encrypted data and sign communications using the sites’ own private encryption key. The vulnerability is found in the transport layer security protocol used for Web encryption. A successful attack could ...
- Why bother cracking PCs? Spot o’ malware on PLCs… Done. Industrial control network pwned
December 12, 2017
Security researchers have demonstrated a new technique for hacking air-gapped industrial control system networks, and hope their work will encourage the development of more robust defences for SCADA-based systems. Air-gapped industrial networks are thought to be difficult if not impossible to hack partly because they are isolated from the internet and corporate IT networks. However, in ...
- Banking Apps Found Vulnerable to MITM Attacks
December 7, 2017
Leading US and UK-based banks have patched a flaw found in their Android and iOS mobile apps that allowed adversaries to conduct man-in-the-middle attacks to steal customer credentials and view and manipulate network traffic. According to researchers at the School of Computer Science at the University of Birmingham that found the flaw, the vulnerability impacted nine apps belonging ...