Key Takeaways
1. Google’s Chrome Desktop Stable update addresses a high-severity exploit (CVE-2026-2441) related to a use-after-free bug in CSS, which is actively being exploited.
2. Other browsers like Opera and Vivaldi are also releasing updates to fix the same vulnerability due to their use of Chrome’s core engine.
3. CVE-2026-2441 could allow attackers to execute arbitrary code in the browser through specially crafted HTML pages.
4. The rollout of the Chrome update includes versions 145.0.7632.75/76 for Windows and macOS, and version 144.0.7559.75 for Linux, with staggered availability over the coming days/weeks.
5. Users should check their browser versions in the “About” section and restart the browser to ensure they have the latest updates installed.
Google’s most recent Chrome Desktop Stable update is being rolled out this week, and it’s something users might want to pay attention too. In their release note from February 13, Google acknowledged an exploit “out there” for CVE-2026-2441, which is a High-severity use-after-free bug in CSS.
Shared Vulnerabilities Across Browsers
Since the core engine of Chrome is used by many browsers, the same CVE is also part of other updates. Opera’s Stable update on February 14 recognizes CVE-2026-2441 as a security fix, while Vivaldi’s latest minor update version 7.8 also mentions this vulnerability, specifically indicating an active exploit in the wild.
Details of the Vulnerability
The National Institute of Standards and Technology’s (NIST) National Vulnerability Database (NVD) describes CVE-2026-2441 as a use-after-free issue in Chrome’s handling of CSS. This could potentially allow a remote attacker to run arbitrary code within the browser sandbox through a specially crafted HTML page.
Google’s Chrome Releases post credits Shaheen Fazim for reporting this issue on February 11, 2026, and mentions that access to bug details may be limited until most users receive the update—this is typical for bugs that are actively being exploited.
Update Versions and Rollout Timing
According to Google, Chrome Desktop Stable has been updated to versions 145.0.7632.75/76 for Windows and macOS, while Linux users get version 144.0.7559.75, with the rollout expected to continue over “the coming days/weeks.”
On February 14, 2026, Opera’s Stable channel update included CVE-2026-2441 in its security highlights for version 127.0.5778.64.
Vivaldi’s “Minor update (2) for Vivaldi Desktop Browser 7.8” indicates it has been updated to Chromium 144 ESR (144.0.7559.175) and includes the fix for CVE-2026-2441, also stating that there is an active exploit known.
Checking Your Browser Status
If you are using Chrome, the quickest way to check your status is to visit the “About” page and confirm that you’re on the updated build (and relaunch when prompted). Because Google’s rollout can be staggered, two devices checked on the same day may still show different point releases until the update process is finished.
For users of Opera and Vivaldi, the best method is the same: navigate to the browser’s built-in update/About section to ensure you have the versions mentioned above (or newer), and then restart the browser to make sure the updated code is loaded successfully.
Source:
Link
Leave a Reply