10 June 2026
Reference: CVE-2026-11645
1. What is being reported?
The vulnerability involves a problem in Chromium V8, the part of Google Chrome that processes web content. It allows attackers to read and write outside the allowed memory areas, potentially letting them run harmful software inside the browser's security sandbox by using a specially crafted webpage.
2. What this means in plain English
If exploited, attackers could take control of your computer or access sensitive information without your permission just by you visiting a malicious website. This puts your business data and systems at risk.
3. Could this affect a small business?
Any small business, charity, club, or organisation using Google Chrome on their computers could be affected. Those who do not use Chrome or have strict browsing controls may be less at risk, but it is best to check.
4. What to do now
- Update Google Chrome to the latest version immediately once the patch is available.
- If you use cloud services or browsers managed by a third party, confirm they have applied the necessary security updates.
- Avoid visiting unfamiliar or suspicious websites until your browser is updated.
- Consult your IT provider about applying any additional mitigations recommended by Google or security authorities.
5. Ask your IT provider
Has the latest security update for Google Chrome addressing CVE-2026-11645 been applied to all our devices and managed services?
6. Bottom line
Update Google Chrome promptly to protect your organisation from an actively exploited, high-risk security flaw.
Information based on CISA KEV, NVD and reputable security reporting.