CVE-2026-2441KEVEXPLOITEDPATCHED

google · chrome

Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Description

Affected Products

Vendor	Product	Versions
google	chrome	< 145.0.7632.75, < 145.0.7632.76

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
apple	macos	cve_cpe	95%
linux	linux_kernel	cve_cpe	95%
microsoft	windows	cve_cpe	95%

References

https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html(Release Notes)
https://issues.chromium.org/issues/483569511(Issue Tracking, Permissions Required)
https://github.com/huseyinstif/CVE-2026-2441-PoC/blob/main/poc.html(Exploit)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-2441(US Government Resource)

Related News (2 articles)

Tier D

SecurityWeek20m ago

Exploited Zero-Day Among 21 Vulnerabilities Patched in Chrome

→ No new info (linked only)

Tier D

BleepingComputer4h ago

Google fixes fourth Chrome zero-day exploited in attacks in 2026

→ No new info (linked only)

CVSS 3.18.8 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA KEV✅ Yes

Actively exploited✅ Yes

Patch available

145.0.7632.75145.0.7632.76

CWECWE-416, CWE-416

PublishedFeb 13, 2026

Last enriched5d ago

Trending Score109🔥

Source articles2

Independent2

Info Completeness10/14

Missing: epss, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-3910EXPKEV

Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Hi

Trending: 112

HIGHCVE-2026-3909EXPKEV

Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Trending: 112

MEDIUMCVE-2026-5280EXP

CVE-2026-5280: Use after free in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code

Trending: 57

HIGHCVE-2026-5292EXP

CVE-2026-5292: Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of

Trending: 56

HIGHCVE-2026-4676EXP

Use after free in Dawn in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Trending: 48

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Feb 13, 2026

Added to CISA KEV

Feb 13, 2026

Actively Exploited

Feb 23, 2026

Exploit Available

Feb 23, 2026

Patch Available

Feb 23, 2026

Discovered by ZDM

Mar 26, 2026