Google Patches First Chrome Zero-Day of 2026 After Active Exploitation of CSS Use-After-Free Flaw (CVE-2026-2441)


Google has released emergency Chrome updates to address CVE-2026-2441, a high-severity use-after-free vulnerability in Chrome's CSS handling that was being actively exploited before a fix was available — marking the first Chrome zero-day of 2026.

CVE-2026-2441

The vulnerability (CVSS 8.8) allows a remote attacker to execute arbitrary code inside the browser's sandbox by luring a victim to a specially crafted HTML page. The flaw resides in Chrome's CSS processing, where a use-after-free condition can be triggered through malicious webpage content.

Security researcher Shaheen Fazim reported the flaw on February 11. Google confirmed active exploitation just two days later on February 13.

"Google is aware that an exploit for CVE-2026-2441 exists in the wild," the company stated in its security advisory.

Limited Disclosure

Google has not disclosed whether the exploitation was targeted or part of a broader campaign, and is withholding technical details until the majority of users have updated. This restriction may extend further if third-party projects that depend on Chrome's codebase require additional time to patch.

Patched Versions

Windows and Mac — Chrome 145.0.7632.75

Linux — Chrome 144.0.7559.75

Updates are rolling out over the coming days and will be applied automatically for most users.

Context

Google patched eight actively exploited Chrome zero-days throughout 2025. CVE-2026-2441 opens this year's count, continuing a pattern of attackers targeting browser-level vulnerabilities for initial access. The fix arrives in the same week that researchers exposed 30 malicious Chrome extensions stealing credentials from 300,000 users and a separate campaign of 287 extensions exfiltrating browsing history — highlighting that Chrome's attack surface extends well beyond code vulnerabilities into its extension ecosystem.

Recommendation

Update Chrome immediately. Verify the update has applied by navigating to chrome://settings/help. Organizations should push the update through enterprise management tools and monitor for users still running vulnerable versions. Given the active exploitation and the trivial attack vector — simply visiting a malicious webpage — delay in patching leaves users exposed to drive-by compromise.
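One way to find hosts still below the fixed builds listed under Patched Versions, as an added example that is not from Google or the original article. It assumes a CSV export from an inventory tool with hypothetical columns `host`, `platform` and `version`; the sample rows are constructed.

```python
"""Flag Chrome installs below the fixed build for CVE-2026-2441 (added example)."""
import csv
import io

# Fixed builds as listed in the article's "Patched Versions" section.
FIXED = {
    "windows": (145, 0, 7632, 75),
    "mac": (145, 0, 7632, 75),
    "linux": (144, 0, 7559, 75),
}

def parse_version(text):
    """Parse 'MAJOR.MINOR.BUILD.PATCH' into an int tuple; None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(platform, version_text):
    """Return 'patched', 'vulnerable', or 'unknown' for one inventory row."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # unparseable data gets reviewed, never assumed safe
    # Tuple comparison is numeric per component; a string comparison would
    # wrongly rank "145.0.7632.9" above "145.0.7632.75".
    return "patched" if version >= fixed else "vulnerable"

def audit(inventory_csv):
    """Return [(host, platform, version, status)] for rows that are not patched."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        status = classify(row["platform"], row["version"])
        if status != "patched":
            findings.append((row["host"], row["platform"], row["version"], status))
    return findings

# Constructed sample inventory (hypothetical hosts and column names).
SAMPLE = """host,platform,version
ws-001,windows,145.0.7632.75
ws-002,windows,145.0.7632.9
mb-003,mac,144.0.7559.132
lx-004,linux,144.0.7559.75
lx-005,linux,143.0.7499.40
ws-006,windows,unknown
"""

if __name__ == "__main__":
    for host, platform, version, status in audit(SAMPLE):
        print(f"{host}\t{platform}\t{version}\t{status}")
```

Rows reported as `unknown` are hosts whose version string could not be parsed or whose platform has no listed fixed build, and they need a manual check.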
