New Chrome Zero-Day (CVE-2026-2441) Under Active Attack - Patch Released
Briefly

"The high-severity vulnerability, tracked as CVE-2026-2441 (CVSS score: 8.8), has been described as a use-after-free bug in CSS. Security researcher Shaheen Fazim has been credited with discovering and reporting the shortcoming on February 11, 2026. "Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page," according to a description of the flaw in the NIST's National Vulnerability Database (NVD)."
"Google did not disclose any details about how the vulnerability is being exploited in the wild, by whom, or who may have been targeted, but it acknowledged that "an exploit for CVE-2026-2441 exists in the wild." While Google Chrome is no stranger to actively exploited vulnerabilities, the development once again highlights how browser-based flaws are an attractive target for malicious actors, given that they are installed everywhere and expose a broad attack surface."
"Last week, Apple also shipped iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to address a zero-day flaw (CVE-2026-20700, CVSS score: 7.8) that had been weaponized as a zero-day to execute arbitrary code on susceptible devices as part of an "extremely sophisticated attack" targeting specific individuals who were running iOS devices running versions before iOS 26."
Google released security updates for Chrome to fix a high-severity use-after-free vulnerability in CSS, tracked as CVE-2026-2441 (CVSS 8.8), that has been exploited in the wild. Security researcher Shaheen Fazim reported the flaw on February 11, 2026. According to the NVD, the bug allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page in Chrome versions prior to 145.0.7632.75. Google acknowledged that an exploit exists in the wild but did not disclose how the flaw is being exploited, by whom, or who was targeted. The case underscores that browser flaws are attractive targets for malicious actors, because browsers are installed everywhere and expose a broad attack surface. Users are advised to update Chrome to the patched versions for Windows, macOS, and Linux.
Read at The Hacker News