New Chrome Zero Day CVE-2026-2441 Actively Exploited, Security Patch Released

Google has released critical security updates for its Chrome browser on Friday to fix a high-severity vulnerability that has already been exploited in the wild.

The flaw, tracked as CVE-2026-2441 with a CVSS score of 8.8, is a use-after-free bug in CSS. Security researcher Shaheen Fazim reported the vulnerability on February 11, 2026, and has been credited for its discovery.

According to the National Vulnerability Database (NVD), “Use after free in CSS in Google Chrome versions prior to 145.0.7632.75 allowed remote attackers to execute arbitrary code inside a sandbox through a crafted HTML page.”

Google has not revealed details about who is exploiting the flaw or which targets have been affected but confirmed that “an exploit for CVE-2026-2441 exists in the wild.”

This incident highlights the ongoing risk of browser-based vulnerabilities, which remain attractive targets for attackers due to their widespread installation and large attack surface.

CVE-2026-2441 marks the first actively exploited zero-day patched by Google in Chrome this year. In 2025, the company addressed eight zero-day vulnerabilities in Chrome that were either actively exploited or demonstrated via proof-of-concept.

Meanwhile, Apple last week released updates for iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS to address another zero-day vulnerability, CVE-2026-20700 (CVSS score: 7.8), which had been weaponized in a highly targeted attack against devices running iOS versions prior to iOS 26.



Found this article interesting? Follow us on  X (Twitter) FacebookBlue sky and LinkedIn to read more exclusive content we post.