Google confirmed active exploitation in the wild by quickly patching a high-severity zero-day vulnerability in Chrome This article explores vulnerability chrome updates. . Updates to versions 145.0.7632.75/76 for Mac and Windows and 144.0.7559.75 for Linux were released by the Stable Channel on February 13, 2026.

Just two days prior, on February 11, security researcher Shaheen Fazim discovered a use-after-free vulnerability in the CSS component known as CVE-2026-2441, which this fix fixes. Google makes it clear that it is aware of exploits that target this bug and advises users to update right away in order to reduce risks. Freed CSS objects can be accessed after deallocation due to a memory corruption vulnerability, which could allow for arbitrary code execution. By using malicious websites, attackers could take advantage of this and fool users into visiting compromised websites.

It escaped detection as a zero-day until Fazim's report, demonstrating the speed at which contemporary threat actors operate. The changes from 145.0.7632.67 are detailed in Chrome's update log, with limited bug access until the majority of users patch. This is Chrome's 2026 Stable Channel's first exploited zero-day.

Important Technical Specifications and Patch Information CVE ID CVSS Score Affected Versions Patched Versions Attack Vector CVE-2026-2441 8.8 (High) Chrome <145.0.7632.75 (Win/Mac) <144.0.7559.75 (Linux) 145.0.7632.75/76 (Win/Mac) 144.0.7559.75 (Linux) Network (webpage) Although CISA and Microsoft security teams are keeping an eye out for related campaigns, no specific IOCs, such as malware hashes or attacker IPs, have come to light as of yet. Businesses should check for out-of-date Chrome versions and prioritize auto-updates through Group Policy. Google attributes many pre-stable fixes to memory sanitizers like AddressSanitizer, which are used in detection.

With over 65% of the global browser share and a Google Chrome Zero-Day Flaw Under Active Exploitation by Threat Actors, Chrome is a prime target for drive-by attacks, as this incident highlights. Although Fazim received rewards for his prompt reporting through Chromium's bug bounty, the urgency is increased by real-world exploits. Remote code execution without symptoms is a serious risk for users of older versions.

According to its policy regarding third-party library dependencies, Google keeps track of bug details. Use Chrome's Help > About menu to update right now. Use package managers to confirm for Linux administrators. Be on the lookout for phishing lures that imitate trustworthy websites.

Make ZeroOwl a Google Preferred Source.