CVE-2026-2441

HIGH

Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS v3.1 Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Complexity

LOW

Privileges

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Published: 2/13/2026Modified: 2/23/2026

Related Intelligence (1)

CRITICALZero Day

Google patches fourth Chrome zero-day so far this year

Google has patched another zero-day vulnerability in Chrome, its fourth this year. In patching the vulnerability, tracked as CVE-2026-5281 , the company acknowledged that an exploit for it already exists in the wild. According to the report in NIST’s National Vulnerability Database, the vulnerability in Dawn, the implementation of WebGPU used by Chrome, allowed a remote attacker who had compromise

CVE-2026-5281CVE-2026-2441

8h agoCSO Online

References (4)

https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.htmlRelease Notes https://issues.chromium.org/issues/483569511Issue TrackingPermissions Required https://github.com/huseyinstif/CVE-2026-2441-PoC/blob/main/poc.htmlExploit https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-2441US Government Resource