PatchSiren cyber security CVE debrief
CVE-2026-11645 Google CVE debrief
CVE-2026-11645 is a HIGH severity vulnerability in Google Chromium V8, a JavaScript engine developed by Google. This vulnerability allows for out-of-bounds read and write, with a CVSS score of 8.8. It was published on 2026-06-09 and added to the CISA Known Exploited Vulnerabilities catalog on the same day, with a due date for mitigation by 2026-06-23.
- Vendor
- Product
- Chromium V8
- CVSS
- HIGH 8.8
- CISA KEV
- Listed
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-09
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-09
Who should care
Users and administrators of Google Chromium V8 are advised to apply mitigations per vendor instructions. Follow applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are unavailable.
Technical summary
Google Chromium V8 Out-of-Bounds Read and Write Vulnerability. The vulnerability has been identified in the Google Chromium V8 engine, which could allow an attacker to perform out-of-bounds read and write operations.
Defensive priority
HIGH
Recommended defensive actions
- Apply mitigations per vendor instructions.
- Follow applicable BOD 22-01 guidance for cloud services.
- Discontinue use of the product if mitigations are unavailable.
Evidence notes
The CISA Known Exploited Vulnerabilities catalog (resourceLinkAnnotations: cisa-kev) and CVE record (resourceLinkAnnotations: cve-org) provide further details on this vulnerability.
Official resources
-
CVE-2026-11645 CVE record
CVE.org
-
CVE-2026-11645 NVD detail
NVD
-
CISA Known Exploited Vulnerabilities catalog
CISA - Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
-
Source item URL
cisa_kev
This CVE debrief was generated based on the provided source corpus and official links, following strict guidelines to ensure accuracy and relevance.