Google has released emergency security updates for Google Chrome to address a high-severity zero-day vulnerability that has been actively exploited in the wild.

The flaw, tracked as CVE-2026-2441, carries a CVSS score of 8.8 and affects the browser’s CSS component. Google confirmed that a working exploit exists but has not shared technical details about how the vulnerability is being abused or who may be behind the attacks.

Vulnerability Overview: CVE-2026-2441

CVE-2026-2441 is a use-after-free vulnerability in CSS that impacts Google Chrome versions prior to 145.0.7632.75.

According to the National Vulnerability Database (NVD), successful exploitation allows a remote attacker to execute arbitrary code within the browser sandbox by luring a victim into opening a specially crafted HTML page.

Key details
* Vulnerability type: Use-after-free (CSS)
* Impact: Arbitrary code execution (sandboxed)
* CVSS score: 8.8 (High)
* Attack vector: Malicious HTML page
* User interaction: Required (visit/open page)
* Exploit status: Actively exploited in the wild
The vulnerability was discovered and reported by security researcher Shaheen Fazim on February 11, 2026.

Why Browser Zero-Days Are High-Value Targets

Although Google Chrome regularly receives security updates, browser zero-days remain highly attractive to attackers. Browsers are:
* Installed on nearly every endpoint
* Constantly exposed to untrusted web content
* Capable of acting as an initial access vector
Even when exploitation is limited to sandboxed code execution, browser vulnerabilities are often chained with sandbox escape or privilege escalation flaws to achieve full system compromise.

First Actively Exploited Chrome Zero-Day of 2026

CVE-2026-2441 marks the first actively exploited Chrome zero-day patched in 2026. In comparison, Google fixed eight Chrome zero-day vulnerabilities in 2025, either observed in active attacks or demonstrated via proof-of-concept exploits.
The disclosure reinforces a broader trend: browser exploitation remains a core tactic for both cybercriminals and advanced threat actors.

Related Zero-Day Activity Across Platforms

The Chrome update follows another recent high-profile zero-day disclosure. Last week, Apple released security updates for iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS to address CVE-2026-20700 (CVSS 7.8).

That vulnerability was reportedly used in an “extremely sophisticated attack” targeting specific individuals running older versions of iOS, highlighting the continued use of zero-days in targeted operations.

Affected Versions and Recommended Updates

Google recommends updating Chrome immediately to the following versions:?
* Windows & macOS: 145.0.7632.75 / 145.0.7632.76
* Linux: 144.0.7559.75

To verify your version:
1)Open Chrome
2)Navigate to More > Help > About Google Chrome
3) Install updates and click Relaunch

Impact on Chromium-Based Browsers

Other browsers built on Chromium may also be affected, including:
* Microsoft Edge
* Brave
* Opera
* Vivaldi
Users of these browsers should apply updates as soon as fixes become available from their respective vendors.