Remote Code Execution due to Use After Free in Google Chrome
CVE-2026-2441

8.8 HIGH

Key Information:

Vendor: Google

Status
Vendor
CVE Published: 13 February 2026

Badges

🥇 Trended No. 1 | 📈 Trended | 📈 Score: 9,850 | 👾 Exploit Exists | 🦅 CISA Reported

What is CVE-2026-2441?

CVE-2026-2441 is a use-after-free vulnerability in Google Chrome's handling of CSS (Cascading Style Sheets), affecting versions prior to 145.0.7632.75. A remote attacker can exploit it with a specially crafted HTML page to execute arbitrary code inside the browser's sandbox. Given Google Chrome's extensive use across various industries, this vulnerability can affect organizations by compromising the security of their users' browsing sessions. Arbitrary code execution, even within a sandboxed environment, poses serious risks that could lead to unauthorized access, data leakage, and potentially broader system vulnerabilities if not addressed promptly.

Potential Impact of CVE-2026-2441

  1. Remote Code Execution: The primary impact of CVE-2026-2441 is the ability for remote attackers to execute arbitrary code on a victim's system through malicious web content. This could lead to complete control over the affected machine, resulting in severe data breaches and system disruptions.

  2. Data Compromise: Organizations utilizing Google Chrome may face significant risks to sensitive data. Exploitation of this vulnerability could enable attackers to access confidential information stored on the machine or transmitted through the browser, leading to data theft or unauthorized manipulation.

  3. Widespread Exploit Potential: Given the popularity of Google Chrome, the existence of this vulnerability provides a broad attack surface for malicious actors. The potential for exploitation in the wild, especially if it becomes widely known or if proof-of-concept exploits are developed, increases the urgency for organizations to secure their systems against this threat, as well as to maintain user trust and compliance with data protection regulations.

CISA has reported CVE-2026-2441

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2026-2441 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Chrome prior to 145.0.7632.75

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • 🥇 Vulnerability reached the number 1 worldwide trending spot

  • 📈 Vulnerability started trending

  • 👾 Exploit known to exist

  • 🦅 CISA Reported

  • Vulnerability published

  • Vulnerability Reserved
