CVE-2026-11645 is the fifth Chrome V8 zero-day patched in 2026, an out-of-bounds memory corruption flaw confirmed under active exploitation that allows drive-by remote code execution via a malicious webpage with no additional user interaction beyond page load. The patched version is Chrome 149.0.7827.196 for Windows and Linux, and 149.0.7827.197 for Mac. Any enterprise endpoint running Chrome below these versions and capable of browsing the internet is at direct code execution risk.