CVE-2026-2441KEVEXPLOITEDPATCHED

google · chrome

Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Description

Affected Products

Vendor	Product	Versions
google	chrome	< 145.0.7632.75, < 145.0.7632.76

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
apple	macos	cve_cpe	95%
linux	linux_kernel	cve_cpe	95%
microsoft	windows	cve_cpe	95%

References

https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html(Release Notes)
https://issues.chromium.org/issues/483569511(Issue Tracking, Permissions Required)
https://github.com/huseyinstif/CVE-2026-2441-PoC/blob/main/poc.html(Exploit)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-2441(US Government Resource)

Related News (2 articles)

Tier D

SecurityWeek1d ago

Exploited Zero-Day Among 21 Vulnerabilities Patched in Chrome

→ No new info (linked only)

Tier D

BleepingComputer1d ago

Google fixes fourth Chrome zero-day exploited in attacks in 2026

→ No new info (linked only)

CVSS 3.18.8 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA KEV✅ Yes

Actively exploited✅ Yes

Patch available

145.0.7632.75145.0.7632.76

CWECWE-416, CWE-416

PublishedFeb 13, 2026

Last enriched1d ago

Trending Score85

Source articles2

Independent2

Info Completeness11/14

Missing: epss, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-5281EXPKEV

CVE-2026-5281: Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the render

Trending: 145

HIGHCVE-2026-3910EXPKEV

Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Hi

Trending: 88

HIGHCVE-2026-3909EXPKEV

Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Trending: 88

HIGHCVE-2026-5284EXP

CVE-2026-5284: Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the render

Trending: 69

CRITICALCVE-2026-5289EXP

CVE-2026-5289: Use after free in Navigation in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the

Trending: 68

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Feb 13, 2026

Added to CISA KEV

Feb 13, 2026

Actively Exploited

Feb 23, 2026

Exploit Available

Feb 23, 2026

Patch Available

Feb 23, 2026

Discovered by ZDM

Apr 1, 2026