Google patches Chrome vulnerability with in-the-wild exploit (CVE-2026-2441)

Google released a security update for Chrome to address a high-severity zero‑day vulnerability (CVE-2026-2441) on Friday.

“Google is aware that an exploit for CVE-2026-2441 exists in the wild,” the company said.

About CVE-2026-2441

CVE-2026-2441 is a use-after-free bug in the CSS processing component of Google Chrome, which allows a remote attacker “to execute arbitrary code inside a sandbox via a crafted HTML page.”

The vulnerability was reported by researcher Shaheen Fazim on February 11, 2026.

Whether a coincidence or not, came a day after Google shipped a fix for another use-after-free flaw in the same component that was also flagged by researchers.

As per usual, Google did not share more details about the fixed zero-day, nor details about its possible in-the-wild exploitation.

The fix has been shipped in Chrome 145.0.7632.75/76 for Windows/Mac and 144.0.7559.75 for Linux.

If automatic updates are enabled in Chrome, the security patch has likely already been downloaded – you only need to restart the browser for it to take effect. If you update manually, you should check for the latest version and install it as soon as possible.

Subscribe to our breaking news e-mail alert to never miss out on the latest breaches, vulnerabilities and cybersecurity threats. Subscribe here!