Google Chrome is affected by three vulnerabilities this cycle: a CISA KEV-listed V8 zero-day (CVE-2026-11645, CVSS 8.8) with confirmed active exploitation via drive-by compromise, and two critical sandbox escape vulnerabilities in the ANGLE graphics layer and Network component (CVE-2026-10881 and CVE-2026-10882, CVSS 9.6 each) that allow a remote attacker to execute code on the underlying host from a malicious webpage. Because Chrome is deployed on virtually every enterprise endpoint, unpatched installations represent an immediately exploitable entry point requiring same-day patch action for the KEV-listed flaw.