Google Issues Emergency Patch for Actively Exploited Chrome Zero-Day
Take action: An urgent patch for Chrome - Google is patching an actively exploited flaw in Chrome, and the flaw is nasty enough that even the basic description of it is withheld. DONT WAIT! Update all your Chrome and Chromium browsers (Edge, Opera, Brave, Vivaldi...). Updating the browser is easy, all your tabs reopen after the patch.
Learn More
Google issued an emergency security update for the Chrome and Chromium based browsers to patch a high-severity actively exploited vulnerability.
The flaw is tracked as CVE-2026-2441 (CVSS score 8.8, Google severity High) - a use-after-free vulnerability in the CSS rendering engine that occurs when the browser improperly manages the lifecycle of memory objects. Attackers can trigger this flaw by tricking a user into loading a website with malicious CSS code, which causes the browser to access memory that has already been released. Googl
Even if the exploit initially runs within the Chrome sandbox, threat actors often chain these types of flaws with other system vulnerabilities to gain higher privileges on the host machine. Google is aware that an exploit for CVE-2026-2441 exists in the wild.
Google has kept technical details restricted to prevent more attackers from building their own versions of the exploit before most users have patched.
The update affects all users of the Chrome desktop application on Windows, macOS, and Linux. Google has released version 145.0.7632.75/.76 for Windows and Mac, and version 144.0.7559.75 for Linux.
Users should update Chrome and all Chromium browsers (Opera, Brave, Edge, Vivaldi...). Organizations should use their central management consoles to push these updates to all managed endpoints ASAP.
