Chrome 0-Day Vulnerability Actively Exploited by Attackers in the Wild - CybersecurityNews

Home Cyber Security Chrome 0-Day Vulnerability Actively Exploited by Attackers in the Wild Chrome 0-Day Vulnerability Exploited Google has urgently patched a high-severity zero-day vulnerability in Chrome, confirming active exploitation in the wild. Tracked as CVE-2026-2441, the flaw is a use-after-free bug in the browser’s CSS handling, reported by independent researcher Shaheen Fazim just five days ago on February 11, 2026. The company disclosed the issue alongside its latest Stable channel update, emphasizing that an exploit exists and urging users to update immediately to mitigate risks. Chrome versions prior to the patches remain exposed to remote code execution attacks, where attackers could leverage the memory corruption to execute arbitrary code via malicious web content. Use-after-free vulnerabilities like this one often stem from improper object lifecycle management in rendering engines, allowing freed memory to be accessed post-deallocation. Attackers in the wild have weaponized CVE-2026-2441, likely chaining it with other primitives for sandbox escape and privilege escalation on Windows, macOS, and Linux systems. Google restricted full bug details until most users update, adhering to its policy for actively exploited flaws. Vulnerability and Patch Details The security fix addresses a single high-severity issue in this release cycle. CVE ID CVSS Score Description CVE-2026-2441 High (TBD) Use after free in CSS Patched versions rolled out as follows: Platform Patched Versions Windows 145.0.7632.75/.76 macOS 145.0.7632.75/.76 Linux 144.0.7559.75 Users should apply updates via Chrome’s built-in updater or enterprise management tools. The rollout occurs gradually over days or weeks; auto-updates are enabled by default, but manual checks are recommended for high-risk environments. Organizations should prioritize patching Chrome deployments, scan for indicators of compromise like anomalous network traffic to Google domains, and monitor CISA’s Known Exploited Vulnerabilities catalog for federal advisories. This marks another CSS-related zero-day in Chrome’s history, underscoring persistent challenges in rendering engine security amid rising nation-state and financially motivated attacks targeting browsers. No specific IOCs are public yet, but threat actors may distribute exploits via phishing or compromised sites. Security teams can reference the Chrome release log and Chromium security page for ongoing updates. Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories. RELATED ARTICLESMORE FROM AUTHOR Cyber Security News IBM Uncovers ‘Slopoly,’ Likely AI-Generated Malware Used in Hive0163 Ransomware Attack Cyber Security News Qihoo 360 Leaked Its Own Wildcard SSL Private Key Inside Public AI Installer Cyber Security News Fake FileZilla Downloads Lead to RAT Infections Through Stealthy Multi-Stage Loader Top 10 Essential E-Signature Solutions for Cybersecurity in 2026 January 31, 2026 Top 10 Best Data Removal Services In 2026 January 29, 2026 Best VPN Services of 2026: Fast, Secure & Affordable January 26, 2026 Top 10 Best Data Security Companies in 2026 January 23, 2026 Top 15 Best Ethical Hacking Tools – 2026 January 15, 2026