Google has released an emergency security update for its Chrome web browser to fix a Chrome zero-day vulnerability that has been actively exploited in real-world attacks. This marks the first Chrome zero-day patched in 2026, and users are being strongly advised to update immediately to avoid potential compromise.
The security update is rolling out as Chrome 145.0.7632.75 and .76 for Windows and macOS, along with version 144.0.7559.75 for Linux. According to Google, updating as soon as possible is critical because attackers are already exploiting the flaw in the wild.
The vulnerability, tracked as CVE-2026-2441, is a use-after-free bug in Chrome’s CSS engine. This type of flaw can allow attackers to execute arbitrary code within the browser’s sandbox. In practical terms, a victim could be compromised simply by visiting a specially crafted malicious website, without clicking or downloading anything.
Google confirmed that an exploit for this Chrome zero-day vulnerability already exists but deliberately withheld technical details. The company said it is limiting disclosure to prevent attackers from reverse-engineering the patch before most users apply the update. The issue was discovered by security researcher Shaheen Fazim on February 11, 2026, and Google released a fix just two days later.
Although Google found evidence of attackers exploiting this zero-day flaw in the wild, it did not share additional details regarding these incidents.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed,” it noted.
Because Chrome is the world’s most widely used browser, any actively exploited zero-day poses a serious risk to both individual users and organizations. Browsers routinely process untrusted web content, which makes memory safety bugs especially dangerous. If abused, such flaws can become entry points for deeper system compromise.
Throughout 2025, Google patched several Chrome zero-day vulnerabilities that were also exploited in attacks. As a result, security experts continue to stress the importance of fast patching and automatic updates.
Users can confirm they are protected by opening Chrome and navigating to Settings > Help > About Google Chrome, where the browser will automatically check for updates. Other Chromium-based browsers, including Edge, Brave, Opera and Vivaldi, are also expected to release corresponding patches. Keeping browsers updated remains one of the most effective defenses against zero-day exploits.
