On February 13, 2026, the Stable Channel rolled out updates to versions 145.0.7632.75/76 for Windows and Mac, and 144.0.7559.75 for Linux.
This fix addresses CVE-2026-2441, a use-after-free flaw in the CSS component, reported by security researcher Shaheen Fazim just two days earlier on February 11.
Google explicitly states it is aware of exploits targeting this bug, urging users to update immediately to mitigate risks.
The vulnerability stems from a memory corruption issue where freed CSS objects are accessed post-deallocation, potentially enabling arbitrary code execution.
Attackers could leverage this through malicious web pages, tricking users into visiting compromised sites.
As a zero-day, it evaded detection until Fazim’s report, highlighting the pace of modern threat actors.
Chrome’s update log details the changes from 145.0.7632.67, with restricted bug access until most users patch. This marks the first exploited zero-day in Chrome’s 2026 Stable Channel.
| CVE ID | CVSS Score | Affected Versions | Patched Versions | Attack Vector |
|---|---|---|---|---|
| CVE-2026-2441 | 8.8 (High) | Chrome <145.0.7632.75 (Win/Mac) <144.0.7559.75 (Linux) | 145.0.7632.75/76 (Win/Mac) 144.0.7559.75 (Linux) | Network (webpage) |
No specific IOCs like malware hashes or attacker IPs have surfaced publicly yet, but CISA and Microsoft security teams are monitoring for related campaigns.
Enterprises should prioritize auto-updates via Group Policy and scan for outdated instances of Chrome.
Detection relies on memory sanitizers like AddressSanitizer, which Google credits for many pre-stable fixes.
This incident underscores Chrome’s dominance as a target, with a Google Chrome Zero-Day Flaw Under Active Exploitation by Threat Actors, holding over 65% of the global browser share, making it prime for drive-by attacks.
Fazim’s quick reporting via Chromium’s bug bounty earned rewards, but real-world exploits amplify urgency. Users on older versions face a high risk of remote code execution without symptoms.
Google retains bug details under its policy for third-party library dependencies.
Update now through Chrome’s Help > About menu. For Linux admins, verify via package managers. Stay vigilant for phishing lures mimicking a legit site.
Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google
The post Google Chrome Zero-Day Flaw Under Active Exploitation by Threat Actors appeared first on Cyber Security News.
A sophisticated and long-running Magecart campaign has been quietly operating for over 24 months, infecting…
MORRISTOWN, Ind. (WOWO) — According to the Shelby County Sheriff’s Office, a woman was arrested…
Tennessee Comptroller Jason Mumpower, at lectern, is joined by other Republican legislative leaders in unveiling…
Protesters attend a rally on protecting birthright citizenship outside the U.S. Supreme Court as U.S.…
It's only been about two months since it was announced that Brandon Sanderson's Cosmere universe…
This website uses cookies.