A remote code execution vulnerability in Google’s Chromium V8 engine allows attackers to execute arbitrary code within a sandbox through malicious HTML pages. The flaw affects multiple browsers including Chrome, Edge, and Opera. Organizations must apply vendor patches by the June 2026 deadline or discontinue use if mitigations are unavailable.

Why it matters in Western Canada: Western Canadian organizations across all sectors rely on Chromium-based browsers for daily operations; unpatched systems expose staff and critical infrastructure to potential compromise via email phishing or compromised websites.

CVEs: CVE-2026-11645

---

Summary generated from the original advisory. Read the full source: cisa-kev