Google Patches Actively Exploited Chrome Zero-Day (CVE-2026-2441) On February 16, 2026, Google released an emergency security update to address CVE-2026-2441, a high-severity zero-day vulnerability in Chrome actively exploited in the wild. The flaw, classified as a use-after-free bug in the browser’s CSS component, allows remote attackers to execute arbitrary code within a sandbox via a maliciously crafted HTML page. The vulnerability was discovered and reported by security researcher Shaheen Fazim on February 11, 2026. While Google confirmed the existence of an exploit, details about the threat actor or attack methods remain undisclosed. This marks the first actively exploited Chrome zero-day of 2026, following eight similar vulnerabilities patched in 2025. The update (Chrome 145.0.7632.75/76 for Windows and Mac, 144.0.7559.75 for Linux) is rolling out globally over the coming days. Users of Chromium-based browsers, including Microsoft Edge, Brave, Opera, and Vivaldi, are advised to apply updates as they become available. The flaw’s severity underscores the ongoing risk of browser-based attacks, particularly those leveraging memory corruption vulnerabilities. No additional technical or attribution details have been released.