Google patches Chrome’s first zero day of the year – so update now or face an attack


  • Google fixes Chrome Zero-Day CVE-2026-2441, a “free use” bug in CSS
  • The exploit allowed execution of arbitrary code via crafted HTML pages, actively exploited in the wild
  • Update to Chrome 145.0.7632.75/76 (Windows/Mac) or 144.0.7559.75 (Linux) to stay protected

Google has fixed a high-severity vulnerability in the Chrome browser that was apparently being used as a zero-day in the wild.

In a security advisory, Google said it fixed CVE-2026-2441, a “free use of CSS in Google Chrome before 145.0.7632.75.” This bug, with a severity score of 8.3/10 (high), allows malicious actors to execute arbitrary code in a sandbox via a specially crafted HTML page.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top