🟢 CVE-2026-2441

CVE-2026-2441 is a use-after-free vulnerability in Chrome's CSS processing that allows remote code execution via malicious HTML pages. Despite active exploitation, this affects client-side browser software, not internet-facing servers, requiring user interaction to visit malicious websites.

← Back to Overview
LOW_RISK
Risk Level
8.8
CVSS Score
NETWORK
Attack Vector
Initial Access
ATT&CK Tactic
T1189 — Drive-by Compromise
ATT&CK Technique
VERY_LOW
Deployment Risk
No
Ransomware

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: USER_INTERACTION

CVE Published: 2026-02-13

Added to CISA KEV: 2026-02-17 4 DAYS BETWEEN CVE AND KEV

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-02-17)

CVE-2026-2441 is a high-severity use-after-free vulnerability in the CSS processing component of Google Chrome [1][3]. This vulnerability allows a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page [3][4].

Here's a breakdown of what is known about its exploitation:

  • Internet-facing applications or services: The vulnerability affects Google Chrome, which is a widely used internet browser. While not an internet-facing *service* in the traditional sense, its widespread use and direct interaction with the internet make it a significant target [2].
  • Evidence of active exploitation in the wild: Yes, CVE-2026-2441 has been actively exploited in the wild [4][6]. It is considered the first actively exploited Chrome zero-day of 2026 [10][11].
  • Attack vectors and exploitation methods: The vulnerability is triggered via web content, meaning an attacker can deliver it through a crafted HTML page [1][3]. Successful exploitation results in arbitrary code execution within the Chrome sandbox environment [4][9]. This could lead to compromise of Chrome process memory, potential information disclosure, and depending on the sandbox configuration, potential privilege escalation [4].
  • Use in targeted attacks: While the sources confirm active exploitation, they do not specifically detail whether these attacks are targeted or widespread. However, the nature of browser exploits often implies a broad attack surface.
  • CISA Known Exploited Vulnerabilities status: As of the available information, CVE-2026-2441 is not explicitly listed in the CISA Known Exploited Vulnerabilities (KEV) Catalog [5][12]. However, CISA has added other vulnerabilities to the catalog around the same time frame [13][14].
  • Technical details about internet exploitability: The vulnerability is a use-after-free bug in Chrome's CSS component [1][3]. This type of vulnerability occurs when a program attempts to access memory after it has been freed, which can lead to memory corruption and allow an attacker to execute arbitrary code [7][8]. The exploit requires a remote attacker to present a crafted HTML page to the victim, which is then processed by Chrome's CSS engine [1][3]. The CVSS score for this vulnerability is 8.8, indicating a high severity [2][7]. Google has patched this vulnerability in Chrome versions prior to 145.0.7632.75 [1][3].

Sources

  1. Google patches Chrome vulnerability with in-the-wild ...

    CVE-2026-2441 is a use-after-free bug in the CSS processing component of Google Chrome, which allows a remote attacker “to execute arbitrary code inside a sandbox via a crafted HTML page.”As per usual, Google did not share more details about the fixed zero-day, nor details about its possible in-the-…

  2. CVE-2026-2441 Chrome Vulnerability Removal Report

    Why Browser Vulnerabilities Remain Prime Targets. Browser-based security flaws continue to attract threat actors due to the extensive attack surface modern browsers present. Given their near-universal deployment across enterprise and consumer environments, browsers serve as high-value entry points f…

  3. CVE-2026-2441 Detail - NVD

    This CVE record has been marked for NVD enrichment efforts. Description. Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High).CVSS information contributed by othe…

  4. CVE-2026-2441 - Exploits & Severity - Feedly

    CVEs. CVE-2026-2441. Proof of exploitExploited in the wild.Successful exploitation results in arbitrary code execution within the Chrome sandbox environment. This could lead to complete compromise of Chrome process memory, potential information disclosure, and depending on Chrome's sandbox configura…

  5. Known Exploited Vulnerabilities Catalog - CISA

    For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catal…

Generated by PatchNow Intelligence System

Analysis based on CIRCL.LU data, Claude AI assessment, and MITRE ATT&CK framework

📄 Download JSON Data | 📡 RSS Feed