On February 13, 2026, Google released an urgent security update for the Chrome stable desktop channel to address a severe zero-day vulnerability. This update is the first actively exploited zero-day patched in Chrome for the year 2026.
Google confirmed active exploitation in the wild, elevating the urgency for patch deployment. The update applies to Windows, macOS, and Linux platforms.
Severity: High
Vulnerability Details
- CVE ID: CVE-2026-2441
- Vulnerability Class: Use-after-free
- Component Affected: CSS engine
- Exploit Status: Actively exploited in the wild
- Description:
- This is a “Use after free” vulnerability. These occur when a program continues to use a memory pointer after the memory it points to has been cleared (freed), leading to memory corruption.
- A remote attacker can exploit this vulnerability by tricking a user into visiting a specially crafted HTML page. This can trigger the memory error and allow the attacker to execute arbitrary code on the target system.
Affected And Patched Versions
| Platform | Affected Version | Patched Version |
| Windows | Prior to 145.0.7632.75 | 145.0.7632.75/76 |
| Mac | Prior to 145.0.7632.75 | 145.0.7632.75/76 |
| Linux | Prior to 144.0.7559.75 | 144.0.7559.75 |
Recommendations
- Ensure Google Chrome and Chromium based browsers are running latest security updates.
- Enforce auto-updates for Chrome in enterprise environments.
- Enable Enhanced Safe Browsing mode for real-time protection.
Source:
- https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html
Enjoyed reading this Threat Intelligence Advisory? Stay updated with our latest exclusive content by following us on Twitter and LinkedIn
No related posts found.