# Zero-day Google Chrome vulnerability CVE-2026-2441 actively exploited in attacks

_Friday, June 26, 2026 at 9:47 PM EDT · Cybersecurity · Latest · Tier 2 — Notable_

![Zero-day Google Chrome vulnerability CVE-2026-2441 actively exploited in attacks — Primary](https://cdn.prod.website-files.com/5efc3ccdb72aaa7480ec8179/69955ad19be8cb9a157636f9_News%20logos%20(10).jpg)

Google reported a security incident on February 16, 2026. The incident involved a cyberattack that exploited a zero-day vulnerability in the Google Chrome browser. Unauthorized access was identified on February 13, 2026.

Google released emergency security updates for CVE-2026-2441 on February 13, 2026. The vulnerability is a use-after-free bug in the CSS component of the browser. It allows remote attackers to execute code or cause browser crashes.

The incident is classified at a high severity level. The flaw permits remote code execution within the browser sandbox. This creates risks of unauthorized system access or data corruption for users who do not apply updates.

No specific threat actor has been identified. The vulnerability was confirmed to be actively exploited in the wild before patches became available. Potential impacts include exposure of browser session data and credentials if users visit malicious HTML pages.

Users of Google Chrome and other Chromium-based browsers face risks of arbitrary code execution and service disruption. Immediate application of the latest versions is recommended. Enabling automatic updates and monitoring account activity are advised steps.

## Sources

- [UpGuard](https://www.upguard.com/news/google-data-breach-2026-02-17)

---
Canonical: https://techandbusiness.org/newswire/X0O85GNlLhBSz1ObTqRfk3
Retrieved: 2026-06-27T05:53:30.491Z
Publisher: Tech & Business (techandbusiness.org)