vulnerability🌐InternationalHeise Security
Google Chrome Emergency Update Patches Actively Exploited Zero-Day
Saturday, February 14, 2026
What
Google released an emergency update for its Chrome web browser to address CVE-2026-2441, a critical "Use after free" vulnerability. This flaw, found in CSS processing, allows attackers to execute arbitrary code within the browser's sandbox using specially crafted HTML pages, and is confirmed to be actively exploited in the wild.
Where
Google Chrome users on Windows, macOS, and Linux are affected.
When
Reported on February 11, 2026, and patched with an emergency update on February 13, 2026.
Key Factors
- •The vulnerability, CVE-2026-2441, is a "Use after free" flaw in Chrome's CSS processing, rated with a high CVSS score of 8.8.
- •This critical flaw is actively being exploited by attackers in the wild, enabling arbitrary code execution within the browser's sandbox.
- •The patch was released as an out-of-band emergency update, indicating the severity and urgency of addressing the active exploitation.
Takeaways
- →Users should immediately update their Google Chrome browser to the latest version (145.0.7632.75/76 or later) to mitigate the active exploitation risk.
- →Organizations should ensure all managed Chrome installations are promptly patched and consider implementing robust endpoint detection and response solutions to monitor for suspicious activity.
Read Full Article
Opens original article on Heise Security
