Google Issues Urgent Chrome Update to Fix Actively Exploited High-Severity Vulnerability
Google has confirmed the release of critical security updates for its Chrome browser to address a high-severity vulnerability that is currently being actively exploited in real-world attacks. This flaw poses a significant threat to users, as it allows hackers to execute malicious code simply by tricking someone into opening a specially crafted web page.
Details of the Critical Security Flaw
The vulnerability, tracked as CVE-2026-2441, has been assigned a CVSS score of 8.8, indicating its high severity. It is classified as a use-after-free bug within the CSS component of Google Chrome. According to NIST's National Vulnerability Database (NVD), this flaw enables a remote attacker to execute arbitrary code inside the browser's sandbox environment via a malicious HTML page.
This means an attacker can exploit the bug to run harmful code within Chrome's sandbox and potentially gain control over parts of the browser. The sandbox itself stays in place around that code, since the description places the code execution inside it. The vulnerability was discovered and reported by security researcher Shaheen Fazim on February 11, 2026.
Active Exploitation and Google's Response
Google has acknowledged that an exploit for CVE-2026-2441 exists in the wild, though the company has not disclosed specific details regarding how the vulnerability is being exploited, the identities of the attackers, or which targets have been affected. The fix is now available in Chrome version 145.0.7632.75 and later releases.
In a related development, Apple also released updates last week for its operating systems, including iOS, iPadOS, macOS Ventura, tvOS, watchOS, and visionOS. These updates address a separate zero-day flaw, tracked as CVE-2026-20700 with a CVSS score of 7.8, which had been weaponised to execute arbitrary code on susceptible devices as part of targeted attacks against specific individuals using older iOS versions.
Step-by-Step Guide to Update Google Chrome
To ensure protection against this vulnerability, users are strongly recommended to update their Chrome browser immediately. Here is a simple guide to follow:
- Open Google Chrome on your device.
- Click on the three-dot menu icon (More) in the top-right corner.
- Navigate to Help and then select About Google Chrome.
- Chrome will automatically check for updates. If an update is available, it will begin downloading.
- Once the update is complete, click on the Relaunch button to restart the browser with the latest version installed.
For specific versions, users should update to:
- Windows and macOS: Version 145.0.7632.75 or 145.0.7632.76
- Linux: Version 144.0.7559.75
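For administrators who need to confirm the update across many machines, the following added example (not part of the original article or any Google tooling) compares reported Chrome builds against the fixed versions listed above, using numeric rather than string comparison. The host names and inventory entries are constructed, and the sketch assumes version strings in the form printed by `google-chrome --version`; it covers Chrome only, because the article lists no fixed builds for other Chromium-based browsers.

```python
import re

# Minimum fixed builds exactly as listed in this article, keyed by platform.
FIXED_BUILDS = {
    "windows": (145, 0, 7632, 75),
    "macos": (145, 0, 7632, 75),
    "linux": (144, 0, 7559, 75),
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract the four-part build number from text such as the output of
    `google-chrome --version`; return None if no build number is present."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def status(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one installation."""
    minimum = FIXED_BUILDS.get(platform.lower())
    version = parse_version(version_text)
    if minimum is None or version is None:
        return "unknown"  # unlisted platform or unreadable version: review by hand
    # Tuples compare field by field as integers, so .100 ranks above .75.
    return "patched" if version >= minimum else "vulnerable"


def audit(inventory):
    """Return (host, status) for every host that is not confirmed patched."""
    findings = []
    for host, platform, version_text in inventory:
        result = status(platform, version_text)
        if result != "patched":
            findings.append((host, result))
    return findings


# Constructed sample inventory: (host, platform, reported version string).
SAMPLE_INVENTORY = [
    ("ws-01", "windows", "Google Chrome 145.0.7632.75"),
    ("ws-02", "windows", "Google Chrome 144.0.7559.133"),
    ("mac-01", "macos", "Google Chrome 145.0.7632.100"),
    ("lin-01", "linux", "Google Chrome 144.0.7559.75"),
    ("lin-02", "linux", "Google Chrome 99.0.4844.51"),
    ("ws-03", "windows", "version query failed"),
]

if __name__ == "__main__":
    for host, result in audit(SAMPLE_INVENTORY):
        print(f"{host}: {result}")
```

Hosts reported as unknown should be checked manually rather than assumed safe.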
Impact on Other Chromium-Based Browsers
Users of other browsers built on the Chromium engine, such as Microsoft Edge, Brave, Opera, and Vivaldi, are also advised to apply the fixes as they become available from their respective developers. Since these browsers share core components with Chrome, they may be susceptible to similar vulnerabilities.
Broader Implications for Browser Security
This incident underscores the ongoing challenges in browser security, as browser-based flaws remain a prime target for malicious actors. Browsers are installed across millions of systems worldwide, presenting a broad attack surface that hackers frequently exploit. Google Chrome, in particular, has faced multiple actively exploited vulnerabilities over time, highlighting the need for continuous vigilance and prompt updates.
Cybersecurity experts emphasize that keeping software up-to-date is one of the most effective ways to protect against such threats. Users should regularly check for and install updates to mitigate risks from emerging vulnerabilities.
