Security researchers and the U.S. government’s cybersecurity agency (CISA) confirmed this week that a serious flaw in Google Chrome is being actively used by attackers right now. The vulnerability, tracked as CVE-2026-11645, is rated 8.8 out of 10 in severity and lives in Chrome’s V8 JavaScript engine — the part of the browser that runs interactive features on almost every website you visit. Attackers can exploit it just by luring you to a malicious webpage; no file download or extra click required.
CISA added this flaw to its Known Exploited Vulnerabilities catalog on June 9, 2026, confirming that real-world attacks are already underway. A patch is available now; the only step between you and protection is a quick browser update.
How to check if you’re affected
Affected versions include all Chrome browsers that haven’t received the latest June 2026 security update. Checking takes under a minute:
- Open Chrome and click the three dots (⋮) in the top-right corner.
- Go to Help → About Google Chrome.
- Chrome will automatically check for updates and install them if available.
- Click Relaunch to finish applying the fix.
If your browser says “Chrome is up to date,” you’re protected. Chrome on Android updates through the Play Store; on iPhone and iPad, check the App Store for a pending Chrome update.