Two days after disclosing CVE-2024-4761 Google announced that another vulnerability (CVE-2024-4947) in Chrome's V8 engine has been exploited in the wild, but CISA has yet to add it to the KEV catalog.

Now, with CISA adding the bug to KEV, FCEB agencies have until June 5 to patch their Chrome instances or stop using the browser altogether. The first clean versions are 136.0.7103.113 for Windows ...

The CISA reported that CVE-2025-4664 is already being exploited in the wild and that it impacts the Google Chromium Loader, a part of Chrome that gathers and displays information for users.

Bleeping Computer reports that the bug, tracked under the name CVE-2025-6558, allowed for attackers to target Google Chrome users by crafting malicious HTML pages, potentially allowing them to run ...

Apple's iOS 18.6 update fixes a zero-day vulnerability affecting Chrome users. It doesn't appear the flaw has targeted Apple users directly.

CISA also added the CVE-2024-0519 out-of-bounds memory access in the Chromium V8 JavaScript engine to its KEV list today. This is the first Chrome zero-day exploited in the wild patched by Google ...

CISA’s announcement of the Tuesday night extension came just hours after a subset of the CVE Board said it plans to break off to maintain the program under a new body called the CVE Foundation.