Google has fixed its fifth actively exploited Chrome zero-day of 2026, and this one earned its finder a $55,000 bounty.
The flaw, tracked as CVE-2026-11645, is an out-of-bounds memory access bug in Chrome’s V8 JavaScript engine. Google confirmed that the vulnerability is being exploited in the wild, but has disclosed little beyond the bare technical details.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Attackers use hidden SMS and signalling systems to track targets’ location
April 24, 2026
Security researchers have just unveiled details of two covert surveillance campaigns that exploit weaknesses in the global telecom infrastructure. In a report published on Thursday, Citizen Lab explains that attackers abuse the signalling systems mobile operators use to support roaming, route messages, and locate devices on the network. The weaknesses were used to track certain subscribers ...
- Governments on high alert after CISA snuffs out Firestarter backdoor on fed network
April 24, 2026
A US federal agency was successfully targeted by a previously unknown backdoor malware called Firestarter, according to CISA cybersnoops and their UK counterparts – neither of which disclosed the agency’s name. Federal Civilian Executive Branch (FCEB) agencies include NASA; Homeland Security itself (cyberworkers at CISA are part of an operational unit in Homeland Security); the FBI; the DoJ; the IRS; the ...
- PhantomRPC: A new privilege escalation technique in Windows Remote Procedure Call
April 24, 2026
Windows Interprocess Communication (IPC) is one of the most complex technologies within the Windows operating system. At the core of this ecosystem is the Remote Procedure Call (RPC) mechanism, which can function as a standalone communication channel or as the underlying transport layer for more advanced interprocess communication technologies. Because of its complexity and widespread ...
- Apple fixes iOS bug that kept deleted notifications, including chat previews
April 23, 2026
Apple has released a software update that deals with an issue that could allow deleted notifications to be retrieved. Something that, in at least one reported case, was used by law enforcement during forensic analysis. Apple fixed the issue in iOS and iPadOS versions 18.7.8 and 26.4.2 (check availability for your device at those links). The ...
- Iran claims US used backdoors to knock out networking equipment during war
April 21, 2026
Iranian media is claiming that the US used backdoors and/or botnets to disable networking equipment during the current war, and Chinese state media is dining out on the allegations. Reports from Iran claim hardware made by Cisco, Juniper, Fortinet, and MikroTik either rebooted or disconnected during recent attacks on Iran – despite the regime disconnecting the ...
- Microsoft releases Windows Server update fix to fix its April update fixes
April 20, 2026
Microsoft has pushed out an out-of-band update to address the restart loop that hit some Windows Server devices after its April update. The fix will spare administrators the headache of forced server restarts after installing the April 2026 update. (A reminder that deploying any Microsoft update directly to production without thorough testing is, to put it ...