Google Patches Actively Exploited Chrome Zero-Day (CVE-2026-2441) – Users Urged to Update Immediately

Google has released urgent security updates for Chrome to fix CVE-2026-2441, a high-severity zero-day vulnerability actively exploited in the wild. Users are advised to update to the latest browser version immediately.

  Cyber Security News   Feb 16, 2026  Add to Reading List
Google Patches Actively Exploited Chrome Zero-Day (CVE-2026-2441) – Users Urged to Update Immediately

Google has released emergency security updates for its Google Chrome browser to address a high-severity vulnerability that is reportedly being exploited in the wild.

The flaw, tracked as CVE-2026-2441 (CVSS score: 8.8), is described as a use-after-free vulnerability in the browser’s CSS component. The issue was discovered and responsibly reported by security researcher Shaheen Fazim on February 11, 2026.

According to the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD), the vulnerability affects Chrome versions prior to 145.0.7632.75. A remote attacker could potentially exploit the flaw using a specially crafted HTML page to execute arbitrary code within Chrome’s sandbox environment.

Although Google confirmed that an exploit exists in the wild, the company has not disclosed specific details about attack methods, threat actors, or affected targets.

This marks the first actively exploited Chrome zero-day patched in 2026. In the previous year, Google addressed multiple zero-day vulnerabilities that were either exploited in real-world attacks or publicly demonstrated as proof-of-concept exploits.

Affected Versions and Update Details

Users are strongly advised to update Chrome to:

  • 145.0.7632.75/76 for Windows and macOS

  • 144.0.7559.75 for Linux

To update Chrome manually:

  1. Open Chrome

  2. Navigate to More > Help > About Google Chrome

  3. Allow the browser to check for updates

  4. Click Relaunch to apply the update

Users of other Chromium-based browsers such as:

  • Microsoft Edge

  • Brave

  • Opera

  • Vivaldi

are also encouraged to install security updates once patches become available.

Apple Also Addresses Zero-Day Vulnerability

Separately, Apple Inc. recently released security updates across its ecosystem to fix another actively exploited zero-day vulnerability, tracked as CVE-2026-20700 (CVSS score: 7.8).

The updates cover:

  • iOS

  • iPadOS

  • macOS

  • tvOS

  • watchOS

  • visionOS

Apple described the flaw as being used in an “extremely sophisticated attack” targeting specific individuals running older versions of iOS.

Why Browser Zero-Days Matter

Browsers remain a prime target for attackers due to their widespread usage and direct exposure to web content. Vulnerabilities such as use-after-free bugs can lead to memory corruption and remote code execution, making timely updates critical.

Users are strongly advised to ensure automatic updates are enabled and to apply patches immediately to minimize security risks.

Tags