Google patches 74 Chrome vulnerabilities including actively exploited zero-day CVE-2026-11645

Google patched 74 vulnerabilities in Chrome, including a high-severity zero-day (CVE-2026-11645) actively exploited in the wild. The company confirmed awareness of an existing exploit for CVE-2026-11645, which was addressed in Chrome versions 149.0.7827.102/.103 for Windows and macOS and 149.0.7827.102 for Linux. The update was released on Monday and will roll out to users over the coming days and weeks. CVE-2026-11645 is classified as an out-of-bounds memory access vulnerability. No additional technical details or attack vectors were disclosed in the advisory.