Google Patches Critical Zero-Day Chrome Vulnerability, Users Advised to Update Immediately

Google has rolled out critical security updates for its Chrome browser to patch a high-severity vulnerability that has already been exploited in the wild. The security flaw, tracked as CVE-2026-2441, is a use-after-free bug in CSS, carrying a CVSS score of 8.8.

Chrome Zero-Day actively exploited in 2026, Google patches

Security researcher Shaheen Fazim first reported the vulnerability, after which Google acknowledged that the vulnerability had “allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page” in versions before Chrome 145.0.7632.75. Google confirmed that an exploit exists in the wild but did not disclose specifics on who is behind the attacks or which targets may have been affected.

Notably, this is the first actively exploited zero-day patched in Chrome in 2026. For those unaware, Google addressed eight actively exploited or proof-of-concept zero-days last year alone. Browser-based vulnerabilities remain attractive to attackers, given the sheer ubiquity of Chrome and the broad attack surface it exposes.

Users are recommended to update Chrome

To stay safe, Google has urged Chrome users to update immediately. Chrome versions 145.0.7632.75/76 for Windows and macOS, and 144.0.7559.75 for Linux, include the fixes. To install them, navigate to More > Help > About Google Chrome and select Relaunch.

Other Chromium-based browsers, including Microsoft Edge, Brave, Opera, and Vivaldi, are expected to release patches soon, and users should stay alert for updates. At a time when zero-days continue to pose a serious risk, keeping browsers up to date remains one of the simplest yet most effective ways to protect against emerging exploits.