Google on Friday launched safety updates for its Chrome browser to handle a safety flaw that it stated has been exploited within the wild.
The high-severity vulnerability, tracked as CVE-2026-2441 (CVSS rating: 8.8), has been described as a use-after-free bug in CSS. Safety researcher Shaheen Fazim has been credited with discovering and reporting the shortcoming on February 11, 2026.
“Use after free in CSS in Google Chrome previous to 145.0.7632.75 allowed a distant attacker to execute arbitrary code inside a sandbox by way of a crafted HTML web page,” based on an outline of the flaw within the NIST’s Nationwide Vulnerability Database (NVD).
Google didn’t disclose any particulars about how the vulnerability is being exploited within the wild, by whom, or who might have been focused, however it acknowledged that “an exploit for CVE-2026-2441 exists within the wild.”
Whereas Google Chrome is not any stranger to actively exploited vulnerabilities, the event as soon as once more highlights how browser-based flaws are a sexy goal for malicious actors, provided that they’re put in in every single place and expose a broad assault floor.
The disclosure of CVE-2026-2441 makes it the primary actively exploited zero-day in Chrome that Google has patched in 2026. Final 12 months, the tech big addressed eight zero-day flaws in Chrome that had been both actively exploited or demonstrated as a proof-of-concept (PoC).
Final week, Apple additionally shipped iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to handle a zero-day flaw (CVE-2026-20700, CVSS rating: 7.8) that had been weaponized as a zero-day to execute arbitrary code on prone gadgets as a part of an “extraordinarily refined assault” focusing on particular people who had been working iOS gadgets working variations earlier than iOS 26.
For optimum safety, customers are suggested to replace their Chrome browser to variations 145.0.7632.75/76 for Home windows and Apple macOS, and 144.0.7559.75 for Linux. To verify the most recent updates are put in, customers can navigate to Extra > Assist > About Google Chrome and choose Relaunch.
Customers of different Chromium-based browsers, corresponding to Microsoft Edge, Courageous, Opera, and Vivaldi, are additionally suggested to use the fixes as and after they change into obtainable.
