Google released an immediate patch to address a high-severity zero-day vulnerability in Chrome. Identified as CVE-2026-2441, the vulnerability was confirmed to be actively exploited by attackers in the wild. With a CVSS score of 8.8, the vulnerability has been described as a use-after-free bug in CSS.
The zero‑day flaw in the Chrome browser allowed attackers to compromise users’ systems and steal data simply by tricking them into visiting malicious webpages. It impacted Chrome’s CSS, enabling attackers to process malicious code into a victim’s device by just having them open a compromised webpage.
A security researcher named Shaheen Fazim discovered and identified the vulnerability on Chrome primarily on February 11, 2026. Unpatched Chrome versions are vulnerable to remote code execution attacks, allowing attackers to use memory corruption while executing arbitrary code commands through unsafe content.
Understanding CVE-2026-2441 and Its Patch:
The vulnerability of CVE-2026-2441 in Chrome possibly originated from inappropriate object lifecycle management in rendering engines. This led to the availability of freed memory after deallocation.
Findings suggest that attackers are linking this vulnerability with other exploits to bypass sandboxing in Chrome and gain administrative privileges across all major platforms, including Windows, macOS, and Linux. While assessing the weakness and patching it, Google withheld full bug details, complying with its policy on actively exploited vulnerabilities.
Here are the details for the use-after-free vulnerability:
| CVE ID | CVSS Score | Description |
| CVE-2026-2441 | High (8.8) | Use after free in CSS |
Patched Chrome Versions Across Systems:
| System/Platform | Patched Versions |
| Windows | 145.0.7632.75/.76 |
| macOS | 145.0.7632.75/.76 |
| Linux | 144.0.7559.75 |
How to Patch the Vulnerability?
Though Google has made the patch roll out automatically to the global Chrome userbase, confirming it manually is highly recommended.
Users have to update Chrome to patch CVE-2026-2441. In Chrome, go to Settings> About Chrome, then start downloading the patched version. Relaunch the browser once the download is complete. It is important to patch all the endpoints of the browser, considering the severity of the identified vulnerability.
Google’s Take on CVE-2026-2441:
Google acknowledged the CVE-2026-2441 vulnerability and issued an immediate patch. The Stable channel of Chrome for desktop has been updated for Windows, Mac, and Linux. The update may continue for days and weeks.
The tech giant has acknowledged Shaheen Fazim for identifying the issue. It has further thanked the security researchers who contributed to the stable channel update development process while preventing security bugs. Later, Google also enabled users to access the full list of changes in the Stable channel update to keep track.
Do not forget to check out our latest news coverage for major security and tech updates!
Recommended For You:
5 C’s of Cybersecurity – Strategies for Business Owners to Eliminate Cyber Attacks
