Chrome V8 Zero-Day CVE-2026-11645 Being Exploited in the Wild - Apply Patch Immediately
- Jun 9
- 3 min read
Key Findings
Google released security updates addressing 74 vulnerabilities, including CVE-2026-11645, a high-severity zero-day actively exploited in the wild
CVE-2026-11645 is an out-of-bounds memory access flaw in V8 with a CVSS score of 8.8 that allows remote code execution via crafted HTML pages
This is the fifth actively exploited Chrome zero-day in 2026, following CVE-2026-2441, CVE-2026-3909, CVE-2026-3910, and CVE-2026-5281
CISA added CVE-2026-42271, a command injection flaw in LiteLLM, to its Known Exploited Vulnerabilities catalog with evidence of active exploitation
CVE-2026-42271 can be chained with CVE-2026-48710 in Starlette to achieve unauthenticated remote code execution with a combined CVSS score of 10.0
Background
Google's Chrome browser continues to face significant security challenges in 2026, with multiple zero-day vulnerabilities discovered and exploited by threat actors. The V8 JavaScript and WebAssembly engine, which powers Chrome's script execution, has become a repeated target for attackers seeking to compromise user systems. Simultaneously, the AI infrastructure landscape is experiencing similar pressures as vulnerabilities in popular open-source frameworks like LiteLLM are actively weaponized in the wild.
Chrome V8 Out-of-Bounds Memory Access
CVE-2026-11645 represents a critical vulnerability in Google Chrome's V8 engine discovered by security researcher "303f06e3" on April 27, 2026. The flaw allows attackers to execute arbitrary code inside the Chrome sandbox by directing users to specially crafted HTML pages. The researcher received a $55,000 bug bounty for responsible disclosure. Google has confirmed active exploitation but has intentionally withheld technical details to allow users time to apply patches before wider disclosure could enable copycat attacks.
Required Chrome Updates
Users must update Chrome immediately to versions 149.0.7827.102 or 149.0.7827.103 depending on their operating system. Windows and macOS users should install either version, while Linux users require 149.0.7827.102. The update process is straightforward through the browser menu: navigate to More > Help > About Google Chrome and select Relaunch. Users of Chromium-based alternatives including Microsoft Edge, Brave, Opera, and Vivaldi should apply equivalent patches as they become available.
LiteLLM Authentication Bypass and Remote Code Execution
CVE-2026-42271 is a command injection vulnerability affecting LiteLLM versions 1.74.2 through 1.83.6. Two endpoints designed to test MCP server connections accepted server configuration parameters without proper authorization checks, allowing authenticated users to execute arbitrary commands. The flaw was particularly dangerous because security relied solely on API key validation, meaning even internal privileged keys could be abused. BerriAI released version 1.83.7 to restrict these endpoints to users with the PROXY_ADMIN role.
Critical Attack Chain: Unauthenticated RCE
Security researchers at Horizon3.ai discovered that CVE-2026-42271 can be chained with CVE-2026-48710, a host header validation bypass in Starlette versions 1.0.0 and earlier, to achieve completely unauthenticated remote code execution. This combination eliminates the need for any credentials and carries a combined CVSS score of 10.0, earning it critical severity classification. Successful exploitation grants attackers the ability to execute arbitrary commands, access AI model provider credentials, steal API keys and secrets, and potentially compromise connected downstream systems.
LiteLLM Exploitation Impact
Attackers exploiting the LiteLLM vulnerabilities gain access to sensitive credentials and API keys stored within the proxy, creating a bridge into broader AI infrastructure and connected systems. The compromise enables lateral movement and downstream system infiltration. Despite active exploitation confirmed by CISA, specific details about attack patterns, threat actors, or confirmed successful compromises remain unknown. It remains unclear whether attacks observed in the wild are utilizing the critical authentication bypass chain.
Mitigation and Patching Recommendations
Immediate patching is the primary defense, requiring LiteLLM updates to version 1.83.7 or later and Starlette updates to version 1.0.1 or later. For organizations unable to patch immediately, blocking POST requests to /mcp-rest/test/connection and /mcp-rest/test/tools/list at the reverse proxy level provides temporary protection. Additional safeguards include restricting network access to trusted network segments, rotating all credentials stored by the proxy, and reviewing logs for suspicious Host header activity and unexpected subprocess execution events.
Broader Vulnerability Landscape
The pattern of exploited vulnerabilities extends beyond Chrome and LiteLLM. A critical SQL injection flaw in LiteLLM, CVE-2026-42208 with a CVSS score of 9.3, came under active exploitation within 36 hours of public disclosure just over a month prior. This rapid weaponization demonstrates that threat actors actively monitor security disclosures and quickly develop working exploits, making rapid patching essential for organizations running vulnerable software.
Sources
https://thehackernews.com/2026/06/chrome-v8-zero-day-cve-2026-11645.html
https://thehackernews.com/2026/06/litellm-flaw-cve-2026-42271-exploited.html
https://securityaffairs.com/193371/hacking/google-fixes-fifth-actively-exploited-chrome-zero-day-of-2026.html
https://www.bleepingcomputer.com/news/security/google-patches-fifth-chrome-zero-day-bug-exploited-in-attacks-this-year

Comments