
"Google released an emergency Chrome update on Friday to patch a zero-day vulnerability that has been exploited in the wild. Chrome 145.0.7632.75/76 for Windows/Mac and 144.0.7559.75 for Linux fix CVE-2026-2441, described as a high-severity use-after-free vulnerability in the browser's CSS component. "Google is aware that an exploit for CVE-2026-2441 exists in the wild," Google said in its advisory. Google has credited researcher Shaheen Fazim for reporting the vulnerability."
"The actively exploited flaw was disclosed to the vendor on February 11, only two days before it was patched. Fazim was credited by Google last year for responsibly disclosing several high-severity Chrome vulnerabilities. A bug bounty reward for CVE-2026-2441 has not yet been determined. Some of his previous reports earned the researcher $7,000 and $8,000. There appears to be no public information about attacks exploiting CVE-2026-2441."
Google released emergency Chrome updates (Chrome 145.0.7632.75/76 for Windows/Mac and 144.0.7559.75 for Linux) that fix CVE-2026-2441, a high-severity use-after-free vulnerability in the browser's CSS component that has been exploited in the wild. The flaw was reported on February 11 by researcher Shaheen Fazim, who has previously disclosed high-severity Chrome bugs. Exploitation can likely achieve arbitrary code execution if a user visits a malicious website, though code would execute inside Chrome’s sandbox and an additional flaw would likely be required to escape to full system takeover. The vulnerability could enable data theft, session hijacking, and follow-on attacks.
Read at SecurityWeek