ACCORDING to SOCRadar Cyber Intelligence Inc., CVE-2026-2441 is a use-after-free flaw in Chrome’s CSS handling that can lead to arbitrary code execution inside the browser sandbox, though it does not by itself guarantee full host compromise. Google has patched the vulnerability, with an awareness that an exploit exists in the wild as of the Stable Channel update published on 13 February 2026.
Windows/macOS versions prior to 145.0.7632.75, and Linux versions below 144.0.7559.75, are identified as vulnerable, with fixes released on 13 February 2026: Chrome Stable on Windows/macOS 145.0.7632.75/76 and Linux 144.0.7559.75, and Chrome Extended Stable on Windows/macOS 144.0.7559.177. Exploitation is triggered via web content, typically a crafted HTML page requiring user interaction, and public PoC exploits are not yet available.
Defenders are advised to patch and ensure browsers are restarted, audit endpoints for those below fixed versions, and consider short-term compensating controls while patching.