Google has released a Chrome 149 update that addresses 74 vulnerabilities, including a high-severity zero-day exploit tracked as CVE-2026-11645, which has been actively exploited. This vulnerability allows remote attackers to execute arbitrary code within a sandbox via a specially crafted HTML page. Reported by an anonymous researcher in late April, this marks the fifth Chrome zero-day vulnerability exploited in 2026. The surge in vulnerabilities identified by Google is likely influenced by AI tools, although the company has not disclosed specific details about these technologies. Furthermore, Google recently adjusted base bug bounties for Chrome vulnerabilities, reflecting the evolving landscape of security research tied to these advancements in AI.

Google: Google is a technology company that develops the Chrome web browser and manages its security updates. In this news, Google released Chrome version 149 to patch dozens of vulnerabilities, including a high-severity zero-day exploit in the V8 engine that allows arbitrary code execution. The company has seen an increase in internally discovered flaws, which it attributes to the use of AI tools.
anonymous researcher: The anonymous researcher is a security expert who responsibly reported the CVE-2026-11645 zero-day vulnerability to Google in late April. This individual has previously disclosed other Chrome vulnerabilities using the identifier ‘303f06e3’ and received a bug bounty award for the latest disclosure.

AI Influence: Google has observed a surge in Chrome vulnerabilities discovered internally, most likely driven by AI tools.
Bug Bounty Adjustments: Google recently reduced base bug bounties for Chrome vulnerabilities due to advancements in AI.
Vulnerability Disclosure: Security researchers continue to report high-severity Chrome vulnerabilities through Google’s responsible disclosure program.