New Chrome Zero-Day (CVE-2026-2441) Under Active Attack - Patch Released

• New Chrome Zero-Day (CVE-2026-2441) Under Active Attack - Patch Released Google on Friday released security updates for its Chrome browser to address a security flaw that it said has been exploited in the wild. • The high-severity vulnerability, tracked asCVE-2026-2441(CVSS score: 8.8), has been described as a use-after-free bug in CSS. • Security researcher Shaheen Fazim has been credited with discovering and reporting the shortcoming on February 11, 2026. • “Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page,” according to a description of the flaw in the NIST’s National Vulnerability Database (NVD). • Google did not disclose any details about how the vulnerability is being exploited in the wild, by whom, or who may have been targeted, but itacknowledgedthat “an exploit for CVE-2026-2441 exists in the wild.” While Google Chrome is no stranger to actively exploited vulnerabilities, the development once again highlights how browser-based flaws are an attractive target for malicious actors, given that they are installed everywhere and expose a broad attack surface. • The disclosure of CVE-2026-2441 makes it the first actively exploited zero-day in Chrome that Google has patched in 2026.

Article Summaries:

• Google on Friday released security updates for its Chrome browser to address a security flaw that it said has been exploited in the wild. The high-severity vulnerability, tracked as CVE-2026-2441 (CVSS score: 8.8), has been described as a use-after-free bug in CSS. Security researcher Shaheen Fazim has been credited with discovering and reporting the shortcoming on February 11, 2026. “Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page,” according to a description of the flaw in the NIST’s Na
• Google released an emergency Chrome update on Friday to patch a zero-day vulnerability that has been exploited in the wild. Chrome 145.0.7632.75/76 for Windows/Mac and 144.0.7559.75 for Linux fix CVE-2026-2441, described as a high-severity use-after-free vulnerability in the browser’s CSS component. “Google is aware that an exploit for CVE-2026-2441 exists in the wild,” Google said in its advisory. Google has credited researcher Shaheen Fazim for reporting the vulnerability. The actively exploited flaw was disclosed to the vendor on February 11, only two days before it was patched. Fazim was c
• Google has released emergency updates to fix a high-severity Chrome vulnerability exploited in zero-day attacks, marking the first such security flaw patched since the start of the year. “Google is aware that an exploit for CVE-2026-2441 exists in the wild,” Google said in a security advisory issued on Friday. According to the Chromium commit history, this use-after-free vulnerability (reported by security researcher Shaheen Fazim) is due to an iterator invalidation bug in CSSFontFeatureValuesMap, Chrome’s implementation of CSS font feature values. Successful exploitation can allow attackers t
• This week’s recap shows how small gaps are turning into big entry points. Not always through new exploits, often through tools, add-ons, cloud setups, or workflows that people already trust and rarely question. Another signal: attackers are mixing old and new methods. Legacy botnet tactics, modern cloud abuse, AI assistance, and supply-chain exposure are being used side by side, whichever path gives the easiest foothold. Below is the full weekly recap - a condensed scan of the incidents, flaws, and campaigns shaping the threat landscape right now. ⚡ Threat of the Week Malicious Outlook Add-in
• Threat Intelligence Bulletin - 16 Feb 2026

The bulletin reports several high‑profile incidents. Dutch telecom Odido suffered a data breach exposing personal details of 6.2 million customers. BridgePay Network Solutions faced a ransomware attack that shut core systems, though no payment data were compromised. Flickr’s third‑party email provider was compromised, potentially exposing user identifiers but not passwords or card numbers. ApolloMD disclosed a breach affecting 626,000 individuals, exposing patient records.

AI‑related threats include Google’s analysis of adversarial AI misuse, a UNC1069 FinTech attack using AI‑enabled social engineering, and phishing sites cloned via AI website builders.

Patch Tuesday updates from Microsoft and Google addressed 58 vulnerabilities, including zero‑day exploits (e.g., CVE‑2026‑21510) and high‑severity Chrome bugs (CVE‑2026‑2313, 2314, 2315). BeyondTrust also fixed a critical remote‑code‑execution flaw.

Sources:

• https://thehackernews.com/2026/02/new-chrome-zero-day-cve-2026-2441-under.html
• https://www.securityweek.com/google-patches-first-actively-exploited-chrome-zero-day-of-2026/
• https://www.bleepingcomputer.com/news/security/google-patches-first-chrome-zero-day-exploited-in-attacks-this-year/
• https://thehackernews.com/2026/02/weekly-recap-outlook-add-ins-hijack-0.html
• https://research.checkpoint.com/2026/16th-february-threat-intelligence-report/
• https://www.crowdstrike.com/en-us/blog/patch-tuesday-analysis-february-2026/
• https://www.malwarebytes.com/blog/news/2026/02/update-chrome-now-zero-day-bug-allows-code-execution-via-malicious-webpages
• https://thehackernews.com/2026/02/cisa-flags-four-security-flaws-under.html
• https://www.securityweek.com/cisa-hackers-exploiting-vulnerability-in-product-of-taiwan-security-firm-teamt5/
• https://vercel.com/changelog/new-deployments-with-vulnerable-versions-of-next-mdx-remote-are-now-blocked-by-default