🟢 CVE-2026-2441

CVE-2026-2441 is a use-after-free vulnerability in Chrome's CSS processing that allows a remote attacker to execute arbitrary code inside the browser sandbox via a crafted HTML page. Although it is actively exploited, it affects client-side browser software rather than internet-facing servers, and exploitation requires user interaction: the victim must visit a malicious website.

Risk Level: LOW_RISK

MITRE Technique: T1566

CVSS Score: 8.8

Attack Vector: NETWORK

Deployment Risk: VERY_LOW

Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: USER_INTERACTION

CVE Published: 2026-02-13

Added to CISA KEV: 2026-02-17 (4 days between CVE and KEV)

🎯 Recommendations:

🔍 Web Intelligence

Key Sources:

  • Google patches Chrome vulnerability with in-the-wild ...

    CVE-2026-2441 is a use-after-free bug in the CSS processing component of Google Chrome, which allows a remote attacker “to execute arbitrary code inside a sandbox via a crafted HTML page.” As per usual, Google did not share more details about the fixed zero-day, nor details about its possible in-the-wild exploitation. The fix has been shipped in Chrome 145.0.7632.75/76 for Windows/Mac and 144.0.7559.75 for Linux. If automatic updates are enabled in Chrome, the security patch has likely already been downloaded – you only need to restart the browser for it to take effect.

  • CVE-2026-2441 Chrome Vulnerability Removal Report

    Why Browser Vulnerabilities Remain Prime Targets. Browser-based security flaws continue to attract threat actors due to the extensive attack surface modern browsers present. Given their near-universal deployment across enterprise and consumer environments, browsers serve as high-value entry points for malicious operations. The patching of CVE-2026-2441 marks the first actively exploited zero-day vulnerability addressed in Chrome in 2026.

  • CVE-2026-2441 Detail - NVD

    This CVE record has been marked for NVD enrichment efforts. Description. Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High). CVSS information contributed by other sources is also displayed. CVSS 4.0 Severity and Vector Strings

  • CVE-2026-2441 - Exploits & Severity - Feedly

    CVEs. CVE-2026-2441. Proof of exploit. Exploited in the wild. Successful exploitation results in arbitrary code execution within the Chrome sandbox environment. This could lead to complete compromise of Chrome process memory, potential information disclosure, and depending on Chrome's sandbox configuration, potential privilege escalation vectors.

  • Known Exploited Vulnerabilities Catalog - CISA

    For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework. How to use the KEV ...