95/69 Tuesday, February 17, 2026
Google has released an emergency security update to address a high-severity zero-day vulnerability in the Chrome browser that has been actively exploited in the wild. The flaw, tracked as CVE-2026-2441, is a use-after-free vulnerability in Chrome’s CSS processing component. It marks the first actively exploited Chrome zero-day of 2026, following eight similar zero-day fixes addressed in 2025.
According to the National Vulnerability Database (NVD), the vulnerability allows remote attackers to execute unauthorized code within the browser’s sandbox by tricking victims into visiting a specially crafted HTML page. If successfully exploited, affected systems could be compromised. The flaw was discovered and reported by security researcher Shaheen Fazim on February 11, 2026. Google has confirmed that the vulnerability has been exploited but has not disclosed further technical details or information about the threat actors involved.
Google has updated the Chrome Stable channel to version 145.0.7632.75/76 for Windows and macOS, and version 144.0.7559.75 for Linux. The update is being rolled out gradually over the coming days. Users of Chromium-based browsers-including Microsoft Edge, Brave, Opera, and Vivaldi-are advised to monitor for and apply security updates as soon as they become available to mitigate the risk of exploitation.
