Google Chrome's latest security update patches high-severity flaw exploited by hackers: Here’s what we know

Google recently released security updates for its Chrome browser to address a high-severity vulnerability that is being actively exploited in the wild, the company confirmed. The high-severity flaw, tracked as CVE-2026-2441 with a CVSS score of 8.8, is a use-after-free bug in CSS that allows a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

This means that, due to this bug, hackers can trick Chrome into running harmful code just by making someone open a specially designed web page. This could let the attacker take control of parts of the browser, even though Chrome has safety protections in place. Security researcher Shaheen Fazim discovered and reported the vulnerability on February 11, 2026."Use-after-free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page," according to a description of the flaw in the NIST's National Vulnerability Database.According to a report by Hacker News, Google has acknowledged that "an exploit for CVE-2026-2441 exists in the wild" but has not disclosed details on how the vulnerability is being exploited, who is behind the attacks, or which targets have been affected. The fix is available in Chrome version 145.0.7632.75 and later.

Google Chrome users should update their browser to the latest version: A step-by-step guide

Users are recommended to update their Chrome browser to version 145.0.7632.75/76 for Windows and macOS, and 144.0.7559.75 for Linux to ensure protection.

Users can go to More > Help > About Google Chrome and select Relaunch to ensure the latest updates are installed.Users of other Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi, are also advised to apply the fixes as they become available.Google Chrome has faced multiple actively exploited vulnerabilities over time. The development underscores that browser-based flaws remain a target for malicious actors, as browsers are installed across numerous systems and present a broad attack surface.Apart from Google, Apple released updates last week for iOS, iPadOS, macOS Ventura, tvOS, watchOS, and visionOS. These updates address a zero-day flaw (CVE-2026-20700, CVSS score: 7.8) that had been weaponised to execute arbitrary code on susceptible devices as part of a targeted attack against specific individuals running iOS devices on versions before iOS 26.