Back
Technology

Google Chrome Patches Actively Exploited Zero-Day Vulnerability in CSS

Generated on: Last updated: 1 sources
View source

Google Patches Actively Exploited Chrome Zero-Day Vulnerability

Google has issued security updates for its Chrome browser to address a high-severity vulnerability that has been actively exploited. This critical update aims to protect users from potential threats posed by the newly identified flaw.

Understanding the Flaw: CVE-2026-2441

The vulnerability, tracked as CVE-2026-2441, carries a significant CVSS score of 8.8, indicating its high severity. It is classified as a use-after-free bug found specifically in CSS. Security researcher Shaheen Fazim responsibly reported this flaw on February 11, 2026.

According to the NIST's National Vulnerability Database (NVD), this bug allows a remote attacker to execute arbitrary code within a sandbox environment by using a specially crafted HTML page.

Active Exploitation Confirmed

Google has officially confirmed that an exploit for CVE-2026-2441 is actively being used in the wild. While the company has not disclosed specific details regarding the exploitation methods, involved parties, or targeted individuals, the confirmation underscores the urgency of applying the available patch.

This marks the first actively exploited zero-day vulnerability in Chrome that Google has addressed in 2026. In the previous year, 2025, the company patched a total of eight zero-day flaws in Chrome, which were either actively exploited or demonstrated as proof-of-concept.

Broader Threat Landscape: Apple's Recent Patch

The urgency to patch software vulnerabilities extends beyond Google Chrome. Last week, Apple also released updates for iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS to fix a separate zero-day flaw (CVE-2026-20700, CVSS score: 7.8).

This Apple vulnerability was reportedly weaponized in a "sophisticated attack" designed to execute arbitrary code on devices running iOS versions prior to iOS 26, specifically targeting certain individuals.

Immediate Action Recommended: Update Your Browser

Users are strongly advised to update their Chrome browser to ensure optimal protection against this actively exploited vulnerability. Applying the update is crucial for safeguarding personal data and maintaining browser security.

The recommended browser versions are:

  • 145.0.7632.75/76 for Windows and Apple macOS
  • 144.0.7559.75 for Linux

To update your Chrome browser:

  1. Navigate to "More" (usually three vertical dots in the top right corner).
  2. Select "Help".
  3. Choose "About Google Chrome".
  4. Once the update is downloaded, select "Relaunch" to apply it.

Users of other Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi, should also monitor for and apply available fixes as soon as they are released by their respective developers.