Google has released an urgent security update for its Chrome browser after confirming an actively exploited zero-day vulnerability. The flaw is tracked as CVE-2026-2441. It was discovered while attackers were already using it in real-world attacks. Because of this confirmed exploitation, Google responded with an emergency patch.
The vulnerability is described as a “use-after-free” bug in Chrome’s CSS engine. This type of flaw occurs when a program continues to use memory after it has already been released. Such behavior can cause instability or unexpected actions inside the browser. In more serious cases, attackers can exploit it to execute malicious code.
Security researcher Shaheen Fazim reported the issue to Google on February 11, 2026. After reviewing the report, Google confirmed that an exploit exists in the wild. This means attackers were actively targeting vulnerable Chrome versions. The confirmation increased the urgency of releasing a fix.
Because Chrome is one of the most widely used browsers globally, the potential impact is significant. Attackers could design specially crafted websites to trigger the flaw. Simply visiting a malicious page on an unpatched browser could expose users to risk. That is why zero-day browser vulnerabilities are treated as high priority.
To address the problem, Google released patched versions across major platforms. The fixed versions include 145.0.7632.75 and 145.0.7632.76 for Windows and macOS users. For Linux systems, the secure version is 144.0.7559.75. Users running older versions remain vulnerable until they update.
Updating Chrome is a straightforward process that takes only a few minutes. Users need to open the browser menu and select “Help,” then click on “About Google Chrome.” The browser will automatically check for and install the latest update. A restart is required to complete the installation process properly.
Google has limited the amount of technical detail shared about the exploitation. This is a common security practice during active zero-day incidents. Restricting information helps prevent other attackers from copying the method. More detailed information may be released after most users are protected.
Browsers built on the Chromium engine may also be affected by this vulnerability. This includes Microsoft Edge, Brave, Opera, and Vivaldi. These vendors are expected to release their own updates incorporating the Chromium patch. The situation once again highlights the importance of keeping browsers updated at all times.
Stay alert, and keep your security measures updated!
Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news
