TECH NEWS

Chrome's zero-day Whac-A-Mole continues with fifth exploited bug of the year

https://image.theregister.com/256718.jpg?imageId=256718&x=0&y=15.83&cropw=100&croph=71.67&panox=0&panoy=15.83&panow=100&panoh=71.67&width=1200&height=683

Google paid researcher a tidy $55K bounty for its discovery

Google has fixed its fifth actively exploited Chrome zero-day of 2026, and this one earned its finder a $55,000 bounty.

The flaw, tracked as CVE-2026-11645, is an out-of-bounds memory access bug in Chrome's V8 JavaScript engine. Google confirmed that the vulnerability is being exploited in the wild, but has disclosed little beyond the bare technical details.

The company patched the issue in the latest Stable Channel releases for Windows, macOS, and Linux. It also awarded a $55,000 bounty to the researcher using the handle "303f06e3," who reported the bug on April 27.

The reward suggests Google viewed the report as potentially serious, particularly given its location in V8, the JavaScript engine at the heart of Chrome. Bugs in V8 have featured regularly in both Chrome security advisories and exploit chains over the years, making it one of the...

Copyright of this story solely belongs to theregister.com. To see the full text click HERE

Read more