AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

🔥 This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)

CVE-2026-11645: Google Chromium V8 Out-of-Bounds Read and Write Vulnerability

infovulnerability🔥 Actively Exploited

security

Source: CISA Known Exploited VulnerabilitiesJune 8, 2026CVE-2026-11645

Summary

Google Chromium V8 contains an out-of-bounds read and write vulnerability (a bug where code accesses memory locations it shouldn't, potentially corrupting data) that could let attackers run malicious code inside a sandbox through a specially crafted HTML page. This affects multiple browsers built on Chromium, like Chrome, Edge, and Opera, and is currently being exploited by attackers in real attacks.

Solution / Mitigation

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2026-06-23. See vendor updates at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0153744567.html

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 0.1%

Patch Available

Yes

Exploit Maturity

🔥 Actively Exploited

Disclosure Date

June 8, 2026

Classification

Attack SophisticationModerate

Taxonomy References

CWE (Weakness Type)

CWE-787 CWE-125

CAPEC (Attack Pattern)

CAPEC-100 CAPEC-540

Monthly digest — independent AI security research

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-11645

First tracked: June 9, 2026 at 02:00 PM

Classified by LLM (prompt v3) · confidence: 95%