Google has fixed its fifth actively exploited Chrome zero-day of 2026, and this one earned its finder a $55,000 bounty.
The flaw, tracked as CVE-2026-11645, is an out-of-bounds memory access bug in Chrome’s V8 JavaScript engine. Google confirmed that the vulnerability is being exploited in the wild, but has disclosed little beyond the bare technical details.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Medixant Releases Security Update for RadiAnt DICOM Viewer
February 24, 2025
Medixant has released a security update to address an improper certificate validation vulnerability in RadiAnt DICOM Viewer. CVE-2025-1001 has a CvSSv4 score of 5.7 and could allow an attacker with privileged network access to impersonate RadiAnt’s update server. An attacker could modify the server’s response to deliver a malicious update to the user, performing a machine-in-the-middle ...
- Juniper Networks Releases Out-of-Cycle Security Bulletin for Critical Vulnerability
February 19, 2025
Juniper Networks has released an out-of-cycle security update addressing one critical API authentication bypass using an alternate path or channel vulnerability, which has a CVSSv4 score of 9.3. Exploitation of the vulnerability could allow a network-based attacker to bypass authentication and take administrative control of the device. Read more… Source: NHS Digital Sign up for our Newsletter Related:
- Multiple Vulnerabilities Discovered in NVIDIA CUDA Toolkit
February 19, 2025
This article reviews nine vulnerabilities Palo Alto researchers recently discovered in two utilities called cuobjdump and nvdisasm, both from NVIDIA’s Compute Unified Device Architecture (CUDA) Toolkit. The researchers have coordinated with NVIDIA, and the company has released an update in February 2025 to address these issues. The vulnerabilities are tracked as the following Common Vulnerabilities and ...
- Security updates released for PostgreSQL
February 14, 2025
The PostgreSQL Global Development Group (also known as Postgres) has released an advisory to address a high severity vulnerability in PostgreSQL. PostgreSQL is a relational SQL database management system. CVE-2025-1094 is an ‘improper neutralisation of quoting syntax’ vulnerability with a CVSSv3 score of 8.1. If exploited, a remote unauthenticated attacker could achieve SQL injection via sending ...
- Active Exploitation of Critical Vulnerability Chain in SimpleHelp
February 14, 2025
SimpleHelp has released security updates to address one critical and two high severity vulnerabilities in SimpleHelp. SimpleHelp is a remote monitoring and management (RMM) tool that allows administrators and service desk technicians to provide remote support and monitor devices on the network. The three vulnerabilities can be used in an exploit chain, which could allow a ...
- Ivanti Releases February 2025 Security Updates
February 12, 2025
Ivanti has released three security advisories in the February Security Update, which addresses vulnerabilities in Ivanti products. In the first advisory, two vulnerabilities were identified in Ivanti Cloud Services Application (CSA). The Ivanti CSA is an Internet appliance that provides secure communication and functionality over the Internet. It falls under the primary product of Ivanti Endpoint ...