Google on Friday released security updates for its Chrome browser to address security flaws it says are being exploited in the wild.
This high-severity vulnerability is tracked as CVE-2026-2441 (CVSS score: 8.8) and is described as a use-after-free bug in CSS. Security researcher Shaheen Fazim is credited with discovering and reporting the flaw on February 11, 2026.
According to the flaw description in NIST’s National Vulnerability Database (NVD), “A use-after-free in CSS in Google Chrome prior to 145.0.7632.75 could allow a remote attacker to execute arbitrary code in a sandbox via a crafted HTML page.”
Google did not provide details about how the vulnerability is being exploited in the wild, by whom, or who is being targeted, but acknowledged that “exploits of CVE-2026-2441 do exist in the wild.”
Google Chrome is no stranger to being actively exploited, but this development once again highlights how browser-based flaws are an attractive target for malicious actors, given their ubiquitous installation and exposure of a wide attack surface.
The disclosure of CVE-2026-2441 makes it the first actively exploited zero-day vulnerability in Chrome that Google has patched in 2026. Last year, the tech giant addressed eight zero-day flaws in Chrome that were actively exploited or demonstrated as proofs of concept (PoC).
Last week, Apple also announced that it was targeting iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS to address a zero-day flaw (CVE-2026-20700, CVSS score: 7.8) that had been weaponized as a zero-day to execute arbitrary code on susceptible devices as part of a “very sophisticated attack” targeting certain individuals running iOS devices running versions prior to iOS 26. We have shipped an update.
For optimal protection, we recommend updating your Chrome browser to version 145.0.7632.75/76 for Windows and Apple macOS and 144.0.7559.75 for Linux. To ensure the latest updates are installed, users can[詳細]>[ヘルプ]>[Google Chrome について]Move to[再起動]Select.
Users of other Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also encouraged to apply fixes when they become available.
Source link
