Google has published security patches for its Chrome browser after identifying a vulnerability that is already being exploited in real environments. The failure, recorded as CVE-2026-2441 and qualified with a high CVSS score (8.8), affects CSS processing and can allow an attacker to run code remotely through a HTML page designed to take advantage of the failure; this technical description is found in the NIST vulnerability database, where more information can be found in detail: NVD - CVE-2026-2441.
The detection was attributed to investigator Shaheen Fazim, who reported the problem on 11 February 2026. Google has publicly confirmed that there is at least one active explosion for this vulnerability, although at the moment the company has not disclosed specific details about how it is being used or who the targets have been. The official update note is available on the Chrome release blog: Chrome Releases - Stable Channel update.
From the technical point of view, it is a classic "use-after-free" related to the engine that interprets the CSS rules. In simple terms, that type of failure arises when the browser tries to use memory that was already released, which can open the door to an attacker manipulating the program's behavior and running code within the restrictions of the running environment. Although the operation is often limited to the "sandbox" of the browser, this does not decrease the gravity: browsers are privileged targets because they are installed on almost all computers and mobile and process external content continuously, so a single failure can affect millions of users.
This emergency intervention makes CVE-2026-2441 the first zero-day actively exploited in Chrome that Google has patched in 2026. It is not an isolated phenomenon: during the previous year the company corrected several critical vulnerabilities in the browser, some of them also exploited in practice. This trend underlines the need to keep the software up to date.
In parallel, in recent weeks Apple also launched patches for multiple systems - including iOS, iPadOS and macOS - to correct a zero- day that had been used in targeted attacks against specific users; Apple described that campaign as "extremely sophisticated" and published general information about its security updates on its support page: Apple - Security Updates. Both incidents remember that vulnerabilities on popular platforms are often exploited by actors with different objectives, from opportunistic cybercriminals to more targeted operations.
If you use Chrome in Windows or macOS, Google recommends installing versions 145.0.7632.75 or 145.0.7632.76; for Linux the version indicated is 144.0.7559.75. To check that you have the latest version simply open the Chrome menu, go to Help and select About Google Chrome; the browser will search for updates and ask to restart (Relaunch) if it applies. You can also follow Google's official instructions to update Chrome here: Update Google Chrome. Updating as soon as possible is the most effective measure to reduce risk.
Users of other Chromium-based browsers, such as Microsoft Edge, Brave, Opera or Vivaldi, should also remain vigilant: these projects share much of the underlying code and it is therefore common for the corrections to reach the other implementations with little delay. If you use any of those browsers, check your supplier's security notes and apply the updates as soon as they are available.
Beyond the spot patch, it is appropriate to remember some good practices: keep the operating system and extensions up to date, limit the permissions of unknown extensions and avoid opening suspicious links or files from unverified sources. The combination of an updated browser and a prudent conduct in navigation significantly reduces the attack surface.
In short, this security notice reveals an already known reality: browsers remain one of the preferred entry doors for attackers. If you use Chrome or any Chromium-based browser, do the update today and keep the habit of regularly reviewing security updates.
18-year-old Ukrainian youth leads a network of infostealers that violated 28,000 accounts and left $250,000 in losses
The Ukrainian authorities, in coordination with US agents. They have focused on an operation of infostealer which, according to the Ukrainian Cyber Police, was allegedly adminis...
RAMPART and Clarity redefine the safety of IA agents with reproducible testing and governance from the start
Microsoft has presented two open source tools, RAMPART and Clarity, aimed at changing the way the safety of IA agents is tested: one that automates and standardizes technical te...
The digital signature is in check: Microsoft dismands a service that turned malware into apparently legitimate software
Microsoft announced the disarticulation of a "malware-signing-as-a-service" operation that exploited its device signature system to convert malicious code into seemingly legitim...
A single GitHub workflow token opened the door to the software supply chain
A single GitHub workflow token failed in the rotation and opened the door. This is the central conclusion of the incident in Grafana Labs following the recent wave of malicious ...
WebWorm 2025: the malware that is hidden in Discord and Microsoft Graphh to evade detection
The latest observations by cyber security researchers point to a change in worrying tactics of an actor linked to China known as WebWorm: in 2025 it has incorporated back doors ...
Identity is no longer enough: continuous verification of the device for real-time security
Identity remains the backbone of many security architectures, but today that column is cracking under new pressures: advanced phishing, real-time proxyan authentication kits and...
The dark matter of identity is changing the rules of corporate security
The Identity Gap: Snapshot 2026 report published by Orchid Security puts numbers to a dangerous trend: the "dark matter" of identity - accounts and credentials that are neither ...