New Chrome Zero-Day (CVE-2026-2441) Under Active Attack — Patch Released - The Hacker News

New Chrome Zero-Day (CVE-2026-2441) Under Active Attack — Patch Released Ravie LakshmananFeb 16, 2026Zero-Day / Browser Security Google on Friday released security updates for its Chrome browser to address a security flaw that it said has been exploited in the wild. The high-severity vulnerability, tracked as CVE-2026-2441 (CVSS score: 8.8), has been described as a use-after-free bug in CSS. Security researcher Shaheen Fazim has been credited with discovering and reporting the shortcoming on February 11, 2026. "Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page," according to a description of the flaw in the NIST's National Vulnerability Database (NVD). Google did not disclose any details about how the vulnerability is being exploited in the wild, by whom, or who may have been targeted, but it acknowledged that "an exploit for CVE-2026-2441 exists in the wild." While Google Chrome is no stranger to actively exploited vulnerabilities, the development once again highlights how browser-based flaws are an attractive target for malicious actors, given that they are installed everywhere and expose a broad attack surface. The disclosure of CVE-2026-2441 makes it the first actively exploited zero-day in Chrome that Google has patched in 2026. Last year, the tech giant addressed eight zero-day flaws in Chrome that were either actively exploited or demonstrated as a proof-of-concept (PoC). Last week, Apple also shipped iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to address a zero-day flaw (CVE-2026-20700, CVSS score: 7.8) that had been weaponized as a zero-day to execute arbitrary code on susceptible devices as part of an "extremely sophisticated attack" targeting specific individuals who were running iOS versions before iOS 26. For optimal protection, users are advised to update their Chrome browser to versions 145.0.7632.75/76 for Windows and Apple macOS, and 144.0.7559.75 for Linux. To make sure the latest updates are installed, users can navigate to More > Help > About Google Chrome and select Relaunch. Users of other Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi, are also advised to apply the fixes as and when they become available. Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share SHARE  browser security, cybersecurity, Google Chrome, Patch Management, remote code execution, Threat Intelligence, Vulnerability, web security, zero-day Trending News Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer Open-Source CyberStrikeAI Deployed in AI-Driven FortiGate Attacks Across 55 Countries OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication 149 Hacktivist DDoS Attacks Hit 110 Organizations in 16 Countries After Middle East Conflict New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model ⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack and Vibe-Coded Malware Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1 Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited ThreatsDay Bulletin: DDR5 Bot Scalping, Samsung TV Tracking, Reddit Privacy Fine and More APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday Load More ▼ Popular Resources Self-Hosted WAF: Block SQLi, XSS, and Bots Before They Reach Your Apps Identity Controls Checklist: Find Missing Protections in Apps Read CYBER360 2026: From Zero Trust Limits to Data-Centric Security Paths 19,053 Confirmed Breaches in 2025 – Key Trends and Predictions for 2026