CVE-2026-2441: Google Patches Chrome Zero-Day Exploited in the Wild

Daryna Olyniychuk, Detection Market Analyst

Right after Apple’s CVE-2026-20700 zero-day under active exploitation made headlines, Google released security updates for Chrome to address the first actively exploited Chrome zero-day of 2026.

CVE-2026-2441 Analysis

The high-severity flaw, tracked as CVE-2026-2441, is a use-after-free vulnerability in Chrome’s CSS component. NIST’s NVD description notes that the issue could allow a remote attacker to execute arbitrary code inside the sandbox via a crafted HTML page. In practice, a user only needs to land on a maliciously crafted page for the attacker to trigger the bug and run code within the browser’s sandboxed environment.

Zero-day exploitation is rising. In 2024, Google’s Threat Intelligence Group reported 75 zero-days exploited in real attacks, and by 2025 exploits were still the top initial access method, accounting for 33% of intrusion paths. In that context, browser vulnerabilities remain a persistent threat for defenders. Browsers are everywhere, they continuously handle untrusted web content, and the trigger can be as simple as a user opening a link.

Sign up for the SOC Prime Platform to access the global marketplace of 750,000+ detection rules and queries made by detection engineers, updated daily, and enriched with AI-native threat intel to proactively defend against existing threats and those anticipated most. Click Explore Detections below to reach the extensive detection stack filtered by the “CVE” tag. All detections are compatible with dozens of SIEM, EDR, and Data Lake formats and are mapped to MITRE ATT&CK®.

Explore Detections

Security experts can also leverage Uncoder AI to accelerate detection engineering end-to-end by generating rules directly from live threat reports, refining and validating detection logic, visualizing Attack Flows, converting IOCs into custom hunting queries, and instantly translating detection code across diverse language formats.

CVE-2026-2441 Mitigation

Google’s advisory notes that a fix for CVE-2026-2441 was delivered in the Stable channel update released on February 13, 2026. The patched builds are Chrome 145.0.7632.75/76 for Windows and macOS and 144.0.7559.75 for Linux, with rollout expected over the following days and weeks.

Google has shared very little technical detail, but it has confirmed it is aware of in-the-wild exploitation of CVE-2026-2441. Security researcher Shaheen Fazim has been credited with discovering and reporting the issue on February 11, 2026.

Users are advised to update Chrome to the fixed build on every endpoint and make sure the browser is restarted so the patched version is actually running. Additionally, by leveraging SOC Prime’s AI-Native Detection Intelligence Platform backed by top cyber defense expertise, global organizations can adopt a resilient security posture and transform their SOC to always stay ahead of emerging threats.

FAQ

What is CVE-2026-2441 and how does it work?

CVE-2026-2441 is a high-severity use-after-free vulnerability in Chrome’s CSS component that can be triggered by a crafted HTML page and used to execute arbitrary code inside the Chrome sandbox.

When was CVE-2026-2441 first discovered?

Google’s Chrome release notes credit Shaheen Fazim with reporting the issue on February 11, 2026, and the Stable channel fix shipped on February 13, 2026.

What risks does CVE-2026-2441 pose to organizations?

Because exploitation is confirmed in the wild, the risk is practical and immediate. A successful exploit can turn normal browsing into an entry point for malware delivery, credential theft through session hijacking or token access, and follow-on compromise when paired with additional vulnerabilities or social engineering.

Can CVE-2026-2441 still affect me in 2026?

Yes. Any system running Chrome versions prior to 145.0.7632.75/76 for Windows and macOS and 144.0.7559.75 for Linux, or systems that downloaded the update but have not restarted Chrome, can remain exposed.

How can you protect against CVE-2026-2441?

Update Chrome to the latest Stable build for your OS and restart the browser to apply it, then verify version compliance across endpoints.
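One way to run the version-compliance check described above, as an added example that is not SOC Prime's or Google's code. The fixed builds are the ones this article lists; the inventory rows, host names, field names (`installed`, `running`) and the status labels are constructed assumptions about what an endpoint inventory export might contain.

```python
# Added example: flag endpoints below the fixed Chrome builds named in the article,
# including hosts that installed the update but still run the old binary.
FIXED = {  # minimum fixed build per OS, as stated in the article
    "windows": (145, 0, 7632, 75),
    "macos": (145, 0, 7632, 75),
    "linux": (144, 0, 7559, 75),
}

def parse_version(text):
    """Turn '145.0.7632.75' into a tuple so builds compare numerically, not as strings."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Chrome version: {text!r}")
    return tuple(int(p) for p in parts)

def classify(os_name, installed, running=None):
    """Return 'patched', 'restart-pending', 'vulnerable' or 'unknown' for one endpoint."""
    fixed = FIXED.get(os_name.lower())
    if fixed is None:
        return "unknown"
    try:
        on_disk = parse_version(installed)
        in_memory = parse_version(running) if running else None
    except ValueError:
        return "unknown"  # unparseable data needs manual follow-up, never a pass
    if on_disk < fixed:
        return "vulnerable"
    if in_memory is not None and in_memory < fixed:
        return "restart-pending"  # update downloaded, old process still running
    return "patched"

def audit(rows):
    """Map each host to its status."""
    return {r["host"]: classify(r["os"], r["installed"], r.get("running")) for r in rows}

# Constructed sample inventory (hypothetical hosts and versions, not real telemetry).
INVENTORY = [
    {"host": "ws-01", "os": "windows", "installed": "145.0.7632.76", "running": "145.0.7632.76"},
    {"host": "ws-02", "os": "windows", "installed": "145.0.7632.75", "running": "144.0.7559.110"},
    {"host": "mac-01", "os": "macos", "installed": "144.0.7559.133"},
    {"host": "lin-01", "os": "linux", "installed": "144.0.7559.75", "running": "144.0.7559.75"},
    {"host": "lin-02", "os": "linux", "installed": "144.0.7559.59"},
    {"host": "kiosk-01", "os": "windows", "installed": "unknown"},
]

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host:10} {status}")
```

Hosts reported as `restart-pending` are the case the article calls out: the patched build is on disk, but the exposed process keeps running until Chrome is restarted.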

Join SOC Prime's Detection as Code platform to improve visibility into threats most relevant to your business. To help you get started and drive immediate value, book a meeting now with SOC Prime experts.
