Exposures › CVE-2026-11645
Google Chromium V8 allows remote code execution via crafted HTML pages, enabling sandbox escape and arbitrary code execution.
This vulnerability allows remote attackers to execute arbitrary code inside the browser sandbox via crafted HTML pages, posing a significant risk to DIB organizations relying on Chromium-based browsers for sensitive data handling. The active exploitation status and potential for sandbox escape mean vendors must prioritize patching and users should verify browser integrity to prevent unauthorized access to classified or sensitive information.
Shame score — Active exploitation of a remote code execution vulnerability in a widely used browser engine indicates a critical security oversight.
Google Chromium V8 out-of-bounds read and write vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
| Product | Provider | Status | Match |
|---|---|---|---|
| Google Services (Google Cloud Platform Products and underlying Infrastructure) | Authorized | vendor-exact · 0.90 | |
| Google Workspace | Authorized | vendor-exact · 0.90 |