Google has issued urgent security updates for its popular Chrome browser to patch a critical, actively exploited zero-day vulnerability, CVE-2026-2441. This high-severity flaw, described as a use-after-free bug within the browser’s CSS engine, poses a significant risk, allowing remote attackers to execute arbitrary code within the browser’s sandbox. The discovery was reportedly made by security researcher Shaheen Fazim on February 11, 2026. The company acknowledged that an exploit for this vulnerability is already in the wild, making immediate user action crucial.
Chrome Addresses Actively Exploited Zero-Day Vulnerability
The critical vulnerability, identified as CVE-2026-2441, carries a CVSS score of 8.8, highlighting its severe nature. According to the National Vulnerability Database (NVD), the flaw in Google Chrome versions prior to 145.0.7632.75 could permit a remote attacker to achieve code execution by tricking a user into visiting a specially crafted HTML page. Google has, however, remained tight-lipped about the specifics of ongoing exploitation, including who is behind the attacks or who has been targeted.
This disclosure marks the first actively exploited zero-day vulnerability in Chrome that Google has addressed in 2026. In the previous year, the tech giant patched eight such zero-day flaws, underscoring the persistent threat posed by browser vulnerabilities to both individual users and organizations.
Browser-based exploits continue to be a favored vector for malicious actors due to their widespread installation and extensive attack surface. The ubiquity of web browsers means that a single vulnerability can potentially impact millions of users across various platforms.
Meanwhile, other major technology companies are also contending with similar threats. Just last week, Apple released extensive security updates for its operating systems, including iOS, iPadOS, macOS, tvOS, watchOS, and visionOS. These patches addressed a zero-day flaw (CVE-2026-20700) that was reportedly being used in highly sophisticated attacks to execute arbitrary code on vulnerable devices, specifically targeting individuals using older versions of iOS.
Immediate Action for Chrome Users Recommended
To safeguard against the newly patched vulnerability, users are strongly advised to update their Google Chrome browser without delay. For users on Windows and Apple macOS, the update to version 145.0.7632.75 or 145.0.7632.76 is recommended. Linux users should update to version 144.0.7559.75. To confirm that the latest security patches have been applied, users can navigate to the ‘More’ menu, select ‘Help,’ then ‘About Google Chrome,’ and click ‘Relaunch’ if an update is pending.
Additionally, users of other browsers built on the Chromium open-source project are also urged to apply the corresponding security fixes. This includes popular browsers such as Microsoft Edge, Brave, Opera, and Vivaldi. While specific patch timelines for these browsers may vary, prompt updates are essential for maintaining a strong security posture.
The ongoing discovery and patching of zero-day vulnerabilities like CVE-2026-2441 highlight the continuous cat-and-mouse game between software vendors and cybercriminals. As security researchers push the boundaries of exploit detection, attackers are simultaneously seeking new avenues for compromise. It is anticipated that other Chromium-based browsers will release their updates shortly, prioritizing the mitigation of this critical Chrome zero-day.