CVE-2026-2441

high

Description

Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

References

https://www.theregister.com/2026/03/13/google_zeroday_chrome_update/

https://www.bleepingcomputer.com/news/google/google-fixes-two-new-chrome-zero-days-exploited-in-attacks/

https://thehackernews.com/2026/03/google-fixes-two-chrome-zero-days.html

https://securityaffairs.com/189373/hacking/google-fixed-two-new-actively-exploited-flaws-in-the-chrome-browser.html

https://databreaches.net/2026/02/21/update-chrome-now-zero-day-bug-allows-code-execution-via-malicious-webpages/?pk_campaign=feed&pk_kwd=update-chrome-now-zero-day-bug-allows-code-execution-via-malicious-webpages

https://thehackernews.com/2026/02/cisa-flags-four-security-flaws-under.html

https://securityaffairs.com/188163/uncategorized/u-s-cisa-adds-google-chromium-css-microsoft-windows-teamt5-threatsonar-anti-ransomware-and-zimbra-flaws-to-its-known-exploited-vulnerabilities-catalog.html

https://www.malwarebytes.com/blog/news/2026/02/update-chrome-now-zero-day-bug-allows-code-execution-via-malicious-webpages

https://www.cisa.gov/news-events/alerts/2026/02/17/cisa-adds-four-known-exploited-vulnerabilities-catalog

https://www.theregister.com/2026/02/16/chromes_zeroday/

https://www.securityweek.com/google-patches-first-actively-exploited-chrome-zero-day-of-2026/

https://www.infosecurity-magazine.com/news/google-patches-new-in-wild-chrome/

https://www.helpnetsecurity.com/2026/02/16/google-patches-chrome-vulnerability-with-in-the-wild-exploit-cve-2026-2441/

https://www.bleepingcomputer.com/news/security/google-patches-first-chrome-zero-day-exploited-in-attacks-this-year/

https://thehackernews.com/2026/02/new-chrome-zero-day-cve-2026-2441-under.html

https://securityaffairs.com/188029/security/google-fixes-first-actively-exploited-chrome-zero-day-of-2026.html

http://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html

http://chromereleases.googleblog.com/2026/02/extended-stable-updates-for-desktop_13.html

http://chromereleases.googleblog.com/2026/02/long-term-support-channel-update-for_27.html

http://chromereleases.googleblog.com/2026/02/stable-channel-update-for-chromeos_26.html

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-2441

https://issues.chromium.org/issues/483569511

https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html

Details

Source: Mitre, NVD

Published: 2026-02-13

Updated: 2026-02-23

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00035

Detections

Analytics