Google on Friday launched security updates for its Chrome browser to handle a security flaw that it stated has been exploited within the wild.
The high-severity vulnerability, tracked as CVE-2026-2441 (CVSS rating: 8.8), has been described as a use-after-free bug in CSS. Safety researcher Shaheen Fazim has been credited with discovering and reporting the shortcoming on February 11, 2026.
“Use after free in CSS in Google Chrome previous to 145.0.7632.75 allowed a distant attacker to execute arbitrary code inside a sandbox by way of a crafted HTML web page,” in line with an outline of the flaw within the NIST’s Nationwide Vulnerability Database (NVD).
Google didn’t disclose any particulars about how the vulnerability is being exploited within the wild, by whom, or who might have been focused, but it surely acknowledged that “an exploit for CVE-2026-2441 exists within the wild.”
Whereas Google Chrome is not any stranger to actively exploited vulnerabilities, the event as soon as once more highlights how browser-based flaws are a gorgeous goal for malicious actors, provided that they’re put in in every single place and expose a broad assault floor.
The disclosure of CVE-2026-2441 makes it the primary actively exploited zero-day in Chrome that Google has patched in 2026. Final yr, the tech large addressed eight zero-day flaws in Chrome that have been both actively exploited or demonstrated as a proof-of-concept (PoC).
Final week, Apple additionally shipped iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to handle a zero-day flaw (CVE-2026-20700, CVSS rating: 7.8) that had been weaponized as a zero-day to execute arbitrary code on vulnerable units as a part of an “extraordinarily refined assault” concentrating on particular people who have been working iOS units working variations earlier than iOS 26.
For optimum safety, customers are suggested to replace their Chrome browser to variations 145.0.7632.75/76 for Home windows and Apple macOS, and 144.0.7559.75 for Linux. To ensure the most recent updates are put in, customers can navigate to Extra > Assist > About Google Chrome and choose Relaunch.
Customers of different Chromium-based browsers, similar to Microsoft Edge, Courageous, Opera, and Vivaldi, are additionally suggested to use the fixes as and once they turn into obtainable.
