
Google patches its fifth exploited Chrome flaw this year
Google has released an emergency Chrome update after confirming that attackers are actively exploiting a security hole tracked as CVE-2026-11645. It is the fifth Chrome bug this year that criminals found and used before a fix existed – what the industry calls a zero-day. Google paid the researcher who reported it a US$55,000 bounty, a fair signal of how seriously it takes the problem.
The flaw sits in V8, the engine inside Chrome that runs the code behind almost every web page. In plain terms, simply landing on a malicious or compromised website could be enough for an attacker to run their own code on your computer – no download, no dodgy attachment. Google says the attacks seen so far are targeted rather than widespread, but once a fix is public, criminals move fast to use the bug against anyone who has not updated. Patched versions are out now for Windows, macOS and Linux.
Why this matters to your business
For most small businesses, the browser is the business: banking, email, Microsoft 365, Xero and your customer records all run through it. A browser that is a few weeks out of date is one of the easiest ways in – and browsers quietly fall behind simply because nobody ever restarts them.
- Update Chrome today. Go to Settings, then About Chrome (or type chrome://settings/help), let it download, then click Relaunch. The fix does nothing until the browser restarts.
- Check Edge and Brave too. They are built on the same engine as Chrome and ship their own matching updates – install them when prompted.
- Stop relying on memory. Across a whole office, manual updating always misses someone. Managed patching keeps every browser and PC current automatically, and proves it.
Worried this affects your business? Get a free 15-minute IT check – call Trends IT on 0485 011 911 or visit /contact/.
