Google Rushes Emergency Patch After Chrome Zero-Day Exploited in Active Attacks

High-severity CSS flaw actively targeted; users urged to update immediately to stay secure

Google has released an urgent cybersecurity update for Chrome, addressing a high-severity zero-day vulnerability that is actively being exploited by attackers. Tracked as CVE-2026-2441, the flaw is a use-after-free bug in Chrome’s CSS handling, first reported by independent researcher Shaheen Fazim on February 11, 2026—just five days before Google’s patch rollout.

The vulnerability allows attackers to manipulate freed memory to execute malicious code remotely, potentially impacting Windows, macOS, and Linux systems. In practice, this means visiting a compromised website could let attackers run arbitrary commands, bypass browser safeguards, and escalate privileges.

Users and organizations are urged to update immediately using Chrome’s built-in updater or enterprise tools, as versions prior to the patch remain at risk. Patched versions include Windows and macOS 145.0.7632.75/.76 and Linux 144.0.7559.75.

Chrome’s rollout is gradual, so manual updates are recommended for high-risk environments. Organizations are advised to monitor for suspicious network activity, review federal advisories via CISA’s Known Exploited Vulnerabilities catalog, and follow Chrome’s security release notes.

This incident underscores the persistent risks facing browsers, as threat actors increasingly target critical software for financial or espionage purposes. Experts caution that even widely used applications like Chrome remain prime targets for sophisticated attackers, emphasizing the importance of timely patching and cybersecurity vigilance.