Attackers Actively Exploit Critical Chrome 0 Vulnerability Exploited
Google has urgently patched a high-severity zero-day vulnerability in Chrome, confirming its active exploitation in the wild. Tracked as CVE-2026-2441, the flaw is a use-after-free bug within the...
Google has urgently patched a high-severity zero-day vulnerability in Chrome, confirming its active exploitation in the wild. Tracked as CVE-2026-2441, the flaw is a use-after-free bug within the browser’s CSS handling. Independent researcher Shaheen Fazim reported the issue just five days ago, on February 11, 2026.
The company disclosed the issue alongside its latest Stable channel update, emphasizing that an exploit exists and urging users to update immediately to mitigate risks.
Chrome versions prior to the patches remain exposed to remote code execution attacks, where attackers could leverage the memory corruption to execute arbitrary code via malicious web content.
Use-after-free vulnerabilities like this one often stem from improper object lifecycle management in rendering engines, allowing freed memory to be accessed post-deallocation.
Attackers in the wild have weaponized CVE-2026-2441, likely chaining it with other primitives for sandbox escape and privilege escalation on Windows, macOS, and Linux systems. Google restricted full bug details until most users update, adhering to its policy for actively exploited flaws.
Vulnerability and Patch Details
The security fix addresses a single high-severity issue in this release cycle.
| CVE ID | CVSS Score | Description |
|---|---|---|
| CVE-2026-2441 | High (TBD) | Use after free in CSS |
Patched versions rolled out as follows:
| Platform | Patched Versions |
|---|---|
| Windows | 145.0.7632.75/.76 |
| macOS | 145.0.7632.75/.76 |
| Linux | 144.0.7559.75 |
Users should apply updates via Chrome’s built-in updater or enterprise management tools.
The rollout occurs gradually over days or weeks; auto-updates are enabled by default, but manual checks are recommended for high-risk environments.
Organizations should prioritize patching Chrome deployments, scan for indicators of compromise like anomalous network traffic to Google domains, and monitor CISA’s Known Exploited Vulnerabilities catalog for federal advisories.
This marks another CSS-related zero-day in Chrome’s history, underscoring persistent challenges in rendering engine security amid rising nation-state and financially motivated attacks targeting browsers.
No specific IOCs are public yet, but threat actors may distribute exploits via phishing or compromised sites. Security teams can reference the Chrome release log and Chromium security page for ongoing updates.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.
No Comment! Be the first one.