New Google Chrome 149 Update Patches Exploited Zero-Day
A week after Google patched the Chrome web browser and confirmed its largest ever set of security vulnerabilities, 429 in a single patch, 3.5 billion users now face a much smaller, yet perhaps even more critical, update: this one includes a zero-day vulnerability with an exploit already in the wild.
There can be no doubt that the June 2 security update, the biggest in Chrome history with an incredible 429 vulnerabilities, was a monster, largely thanks to the impact that AI tooling is having on the vulnerability discovery process. The latest June 10 update fixes fewer vulnerabilities, 72 in total, with 17 getting a Common Vulnerabilities and Exposures severity rating of critical. But you would be wrong to think that size is everything. One of those vulnerabilities, CVE-2026-11645, discovered by a security researcher known as 303f06e3, who received a $55,000 Google bug bounty payment, is a zero-day. This matters, as the out-of-bounds memory access issue in Chrome’s V8 JavaScript engine already has an active exploit out there in the wild.
Here’s what you need to know about Chrome 149.0.7827.102/.103 and how you can manually force the update to get this vital protection as soon as possible.
Google Chrome 149 Update Fixes 72 Security Flaws, Including A Zero-Day With Known Exploit In The Wild
The good news is that all 72 security vulnerabilities included in the Google Chrome update announcement have been patched with the release of version 149.0.7827.102/.103 for Windows and Mac, and 149.0.7827.102 for Linux and Android. The bad news this time around, Google has confirmed, is that there is an exploit for one of them already out there in the wild. Thankfully, the zero-day in question isn’t one of the 17 critical-rated vulnerabilities, but its high severity rating certainly doesn’t mean it can be ignored, especially as it can be exploited remotely by way of a maliciously crafted web page and allow an attacker to execute arbitrary code, albeit within the web browser's sandbox.
All the critical vulnerabilities were discovered by Google itself, as were all but three of the 72 in total, hinting at how much help internal security teams are getting from AI in uncovering often long-standing bugs in product code.
The Chrome update for Windows, Mac and Linux users will be heading your way soon. You can already download the Android update from the Play Store. What’s more, Chrome updates automatically on the desktop, but there is a catch in that the rollout can take a few days to arrive. This is why I always recommend manually triggering the update to be on the safe side and ensure that zero-day protection is in place as soon as possible.
You can do this using the following steps:
Simply use the three-dot Chrome menu to select Help|About Google Chrome, and the update download and install process will begin.
Once the installation is complete, Google Chrome will prompt you to restart to activate the protection.