New Chrome Zero-Day (CVE-2026-2441) Under Active Attack — Patch Released
Source: The Hacker News

Google released security updates for Chrome on Friday to address a high‑severity vulnerability that has been exploited in the wild.

Vulnerability Details
The flaw is tracked as CVE‑2026‑2441 (CVSS 8.8) and is described as a use‑after‑free bug in CSS. Security researcher Shaheen Fazim reported the issue on February 11, 2026.
“Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.” – NIST National Vulnerability Database (NVD)
Google confirmed that “an exploit for CVE‑2026‑2441 exists in the wild,” though it did not disclose details about the attacker or targeted victims.

Exploitation and Impact
Chrome has a history of actively exploited vulnerabilities, underscoring how attractive browser‑based flaws are to malicious actors due to their widespread deployment and large attack surface. CVE‑2026‑2441 is the first actively exploited zero‑day in Chrome that Google has patched in 2026. In the previous year, Google addressed eight zero‑day flaws that were either actively exploited or demonstrated as proofs of concept.

Patch and Mitigation
Google advises users to update Chrome to the following versions:
- Windows & macOS: 145.0.7632.75 / 145.0.7632.76
- Linux: 144.0.7559.75
To verify the update, open Chrome and navigate to More → Help → About Google Chrome, then click Relaunch if prompted.
Users of other Chromium‑based browsers (Microsoft Edge, Brave, Opera, Vivaldi) should apply the corresponding fixes as they become available.
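
An added example (not from the article or from Google): a small Python check that classifies hosts in a software inventory against the fixed builds listed above. The inventory rows and host names are constructed, and the version strings are assumed to look like the output of `google-chrome --version`.

```python
import re

# Fixed builds as listed in the article, per platform (lowest fixed build).
FIXED_BUILDS = {
    "windows": (145, 0, 7632, 75),
    "macos": (145, 0, 7632, 75),
    "linux": (144, 0, 7559, 75),
}

# Chrome versions are four dot-separated integers: MAJOR.MINOR.BUILD.PATCH
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the version as an int tuple, or None if no 4-part version is found."""
    match = VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(platform, version_text):
    """Return 'patched', 'vulnerable', or 'unknown' (needs manual review)."""
    fixed = FIXED_BUILDS.get((platform or "").strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"
    # Tuple comparison is numeric per component, so 7632.100 > 7632.75,
    # which a plain string comparison would get wrong.
    return "patched" if version >= fixed else "vulnerable"


def audit(inventory):
    """Map host -> status for rows of (host, platform, version string)."""
    return {host: classify(platform, ver) for host, platform, ver in inventory}


# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE_INVENTORY = [
    ("ws-001", "Windows", "Google Chrome 145.0.7632.76"),
    ("ws-002", "Windows", "Google Chrome 145.0.7632.9"),
    ("mac-007", "macOS", "Google Chrome 144.0.7559.75"),
    ("lnx-003", "Linux", "Google Chrome 144.0.7559.75"),
    ("lnx-004", "Linux", "version not reported"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` have an unrecognized platform or no parseable version and should be checked by hand rather than assumed patched.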

Related Security Updates
- Apple shipped updates for iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS to fix CVE‑2026‑20700 (CVSS 7.8), a zero‑day used in a sophisticated attack targeting specific iOS users.