Zero-day Google Chrome vulnerability CVE-2026-2441 actively exploited in attacks

Google reported a security incident on February 16, 2026. The incident involved a cyberattack that exploited a zero-day vulnerability in the Google Chrome browser. Un Google released emergency security updates for CVE-2026-2441 on February 13, 2026. The vulnerability is a use-after-free bug in the CSS component of the browser. It allows remote attackers to execute code or cause browser crashes. The incident is classified at a high severity level. The flaw permits remote code execution within the browser sandbox. This creates risks of un No specific threat actor has been identified. The vulnerability was confirmed to be actively exploited in the wild before patches became available. Potential impacts include exposure of browser session data and credentials if users visit malicious HTML pages. Users of Google Chrome and other Chromium-based browsers face risks of arbitrary code execution and service disruption. Immediate application of the latest versions is recommended. Enabling automatic updates and monitoring account activity are advised steps.