You are currently viewing Google Addresses Actively Exploited Chrome Vulnerability CVE-2026-2441

Google Addresses Actively Exploited Chrome Vulnerability CVE-2026-2441

  • Post author:
  • Reading time:3 mins read

The discovery of CVE-2026-2441 reveals a critical zero-day vulnerability in Google Chrome that is actively being exploited in the wild. Successful exploitation could allow remote attackers to execute arbitrary code within Chrome’s sandbox environment, putting millions of users across Windows, macOS, and Linux at risk.

Vulnerability Details

Zero-Day Use-After-Free Vulnerability (CVE-2026-2441)

A high-severity use-after-free vulnerability, tracked as CVE-2026-2441, has been identified in Google Chrome’s CSS component. The issue stems from an iterator invalidation flaw within the CSSFontFeatureValuesMap implementation, which manages CSS font feature values.

In practical terms, this means:

  • Memory that has already been released can be re-accessed.
  • Attackers may manipulate heap memory layout to control reclaimed memory regions.
  • Carefully crafted HTML/CSS content can influence memory allocation patterns to increase exploit reliability.

When a victim visits a malicious webpage containing specially crafted CSS rules, the vulnerability can be triggered during style recalculation or rendering. Successful exploitation may allow an attacker to achieve arbitrary code execution within Chrome’s sandbox environment.

Because the flaw exists in the browser’s rendering process, no additional user interaction beyond visiting a webpage is required. This significantly lowers the exploitation barrier and increases real-world attack feasibility.

Security researchers reported the issue to Google on February 11, 2026. Google acknowledged that the vulnerability was being actively exploited in the wild prior to patch availability, classifying it as a zero-day vulnerability.

While exploitation is currently limited to code execution within the sandbox, sophisticated attackers may chain this flaw with additional vulnerabilities to attempt a sandbox escape, potentially leading to full system compromise.

Affected Products

  • Google Chrome versions prior to:
    • 145.0.7632.75/76 (Windows and macOS)
    • 144.0.7559.75 (Linux)

Tactics, Techniques, and Procedures (TTPs)

Attackers are exploiting this vulnerability to inject malicious instructions, potentially leading to Remote Code Execution within Chrome’s sandbox. The MITRE ATT&CK framework can help us understand the tactics and techniques employed in such attacks:

  • TA0005 – Execution: This tactic involves the attacker’s attempt to run malicious code.
  • T1203 – Exploitation for Client Execution: Attackers can exploit vulnerabilities in client-side applications to execute arbitrary code.

Mitigations

  • Immediately update Google Chrome to:
    • 145.0.7632.75/76 (Windows/macOS)
    • 144.0.7559.75 (Linux)
  • Ensure automatic updates are enabled.
  • Restart the browser after updating to apply the patch.
  • Monitor endpoint detection systems for abnormal browser behavior.
  • Apply updates to other Chromium-based browsers as soon as patches become available.

Instantly Fix Risks with Saner Patch Management

Saner patch management is a continuous, automated, and integrated software that instantly fixes risks exploited in the wild. The software supports major operating systems like Windows, Linux, and macOS, as well as 550+ third-party applications.

It also allows you to set up a safe testing area to test patches before deploying them in a primary production environment. Saner patch management additionally supports a patch rollback feature in case of patch failure or a system malfunction.

Experience the fastest and most accurate patching software here.