Google released security updates for Chrome on Friday to address a high severity use after free bug in CSS and acknowledged in a Stable Channel update that an exploit exists in the wild. The issue is tracked as CVE-2026-2441, carries a CVSS score of 8.8, and was discovered by security researcher Shaheen Fazim on February 11, 2026.
KEY FACTS
- Incident Exploit exists in the wild
- Vulnerability Use after free in CSS, CVE-2026-2441
- Severity CVSS score 8.8
- Mitigation Update Chrome to the patched versions
Security researcher Shaheen Fazim discovered the flaw and reported it on February 11, 2026.
The flaw is a use after free bug in CSS that can allow remote code execution inside Chrome’s sandbox when a user opens a crafted HTML page. The bug is tracked as CVE-2026-2441 and is rated high severity.
Details on how the vulnerability is being exploited, who is using an exploit, and any targets remain undisclosed. The disclosure confirms active exploitation but provides no technical exploit details.
For protection update Chrome to versions 145.0.7632.75 and 145.0.7632.76 for Windows and macOS, and 144.0.7559.75 for Linux. To apply the update open More, select Help, then About Google Chrome and choose Relaunch. Users of other Chromium based browsers should apply vendor patches when they become available.
WHY IT MATTERS
Browser vulnerabilities are attractive to attackers because browsers are widely installed and expose a broad attack surface. Applying the available updates reduces exposure to known active exploits.