UMVA has learned that a critical security update is available for Chrome and Chromium-based browsers, such as Edge, that could put users' data at risk if not installed.
A recent update for Chrome, version 149.0.7827.102/.103 for Windows and Mac and 149.0.7827.102 for Linux, includes patches for 74 security vulnerabilities, with 17 rated as "Critical" and most of the others rated "High".
According to information obtained by UMVA, one of these vulnerabilities is currently being actively exploited by hackers, making this update extremely important. This flaw, tracked as CVE-2026-11645, is an "out of bounds memory access" vulnerability affecting V8, Chrome's JavaScript engine.
Hackers can exploit this vulnerability to run their own code in Chrome, as if it were legitimate, by tricking users into clicking a link to a malicious website. This could allow them to effectively take over the browser and access sensitive data.
This vulnerability is considered a "zero-day" exploit, meaning it was exploited before a patch was available, and hackers could potentially abuse it on a large scale before most users have a chance to update their browsers.
While the exploit is limited to Chrome and can't be used to access other parts of the device, it's still crucial to block attackers from exploiting this flaw and any others they may discover. Users should update Chrome as soon as possible to protect themselves.
To check Chrome's update status, users can click the three-dots in the top-right corner of the window, then head to Help > About Google Chrome. If an update is available, users should hit "Relaunch" to install the patch and protect their data.
Users of other Chromium-based browsers should also keep an eye on their update channels, as the patch will be available for them soon. Installing the update as soon as it's available will help prevent hackers from exploiting these vulnerabilities.