Google Fixes First Actively Exploited Chrome Zero-Day Vulnerability of 2026
A Critical Chrome Vulnerability Patched by Google
Google has released an emergency update for its Chrome browser to address a high-severity zero-day vulnerability that has been actively exploited in the wild. The patch, which was made available on February 17, fixes a use-after-free flaw in the browser’s CSS component, tracked as CVE-2026-2441.
While Google has not shared detailed information about attacks exploiting CVE-2026-2441, the vulnerability can likely be leveraged for arbitrary code execution by tricking a targeted user into visiting a malicious website. However, the code would be executed within a sandbox environment, and an additional vulnerability would likely be needed to escape the sandbox and achieve complete system compromise.
Impact and Mitigation
Despite the limitations, the vulnerability could still be exploited for data theft, session hijacking, and further attacks. The fact that the vulnerability has been actively exploited in the wild highlights the need for users to apply the patch as soon as possible.
The Chrome update, which brings the browser to version 145.0.7632.75/76 for Windows and Mac, and 144.0.7559.75 for Linux, addresses a total of 11 vulnerabilities. Google’s prompt response to the actively exploited zero-day vulnerability demonstrates the company’s commitment to protecting its users from emerging threats.
Previous Zero-Day Patches
In 2025, Google patched several Chrome zero-days, with six flaws listed in the company’s own zero-day tracker and seven included in the CISA KEV catalog. The latest patch serves as a reminder of the importance of keeping software up to date and the need for continuous monitoring for emerging threats.
About Author
English