Tag: CVE-2026-2441

  • Google Rushes to Fix Vulnerabilities After Exploit Code Released

    Key Takeaways

    1. Google released a Chrome update on February 18, 2026, for desktop versions 145.0.7632.109/110 (Windows and macOS) and 144.0.7559.109 (Linux), rolling out in stages.
    2. The update included three security patches, in addition to addressing CVE-2026-2441.
    3. An Extended Stable channel update was also released on the same day, version 144.0.7559.220 for Windows and Mac, with a similar phased rollout.
    4. Mobile devices received stable updates with the same security fixes as the desktop versions, unless otherwise noted.
    5. CVE-2026-2441 was added to CISA’s Known Exploited Vulnerabilities catalog, with updates including a public proof-of-concept reference.


    On February 18, 2026, Google released an update for the Stable Channel on Desktop, upgrading Chrome to versions 145.0.7632.109/110 for Windows and macOS, and 144.0.7559.109 for Linux. This update will be rolled out in stages over the next few days or weeks.

    Security Fixes Included

    In the release notes for the desktop version from February 18, Google mentioned three security patches that were included, aside from CVE-2026-2441.

    Extended Stable Channel Updates

    On the same day, Google also updated the Extended Stable channel to version 144.0.7559.220 for both Windows and Mac, with a similar phased rollout expected in the coming days or weeks.

    Mobile Updates Released

    In conjunction with the desktop updates, there were stable updates for mobile devices as well. The Android release notes highlighted that the Android versions include the same security fixes as their desktop counterparts, unless stated otherwise.

    CVE-2026-2441 has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. The NVD page reflects KEV data, showing relevant details:

    CISA publicly announced the addition of CVE-2026-2441 to the catalog during a batch update. The NVD record was updated once more, including a public proof-of-concept (PoC) reference.

    The change history for the NVD entry indicates further updates after the initial announcement, such as a modification by CISA-ADP on February 20, 2026, which included a link to a publicly available PoC.


  • Chrome 145 Update Patches Critical CVE-2026-2441 Zero-Day Flaw

    Key Takeaways

    1. Google’s Chrome Desktop Stable update addresses a high-severity vulnerability (CVE-2026-2441), a use-after-free bug in CSS that is being actively exploited.
    2. Other browsers such as Opera and Vivaldi are also releasing updates to fix the same vulnerability because they use Chrome’s core engine.
    3. CVE-2026-2441 could allow a remote attacker to execute arbitrary code inside the browser sandbox through a specially crafted HTML page.
    4. The rollout of the Chrome update includes versions 145.0.7632.75/76 for Windows and macOS, and version 144.0.7559.75 for Linux, with staggered availability over the coming days/weeks.
    5. Users should check their browser versions in the “About” section and restart the browser to ensure they have the latest updates installed.


    Google’s most recent Chrome Desktop Stable update is being rolled out this week, and it’s something users might want to pay attention to. In its release note from February 13, Google acknowledged an exploit “out there” for CVE-2026-2441, which is a High-severity use-after-free bug in CSS.

    Shared Vulnerabilities Across Browsers

    Since the core engine of Chrome is used by many browsers, the same CVE is also part of other updates. Opera’s Stable update on February 14 recognizes CVE-2026-2441 as a security fix, while Vivaldi’s latest minor update version 7.8 also mentions this vulnerability, specifically indicating an active exploit in the wild.

    Details of the Vulnerability

    The National Institute of Standards and Technology’s (NIST) National Vulnerability Database (NVD) describes CVE-2026-2441 as a use-after-free issue in Chrome’s handling of CSS. This could potentially allow a remote attacker to run arbitrary code within the browser sandbox through a specially crafted HTML page.

    Google’s Chrome Releases post credits Shaheen Fazim for reporting this issue on February 11, 2026, and mentions that access to bug details may be limited until most users receive the update—this is typical for bugs that are actively being exploited.

    Update Versions and Rollout Timing

    According to Google, Chrome Desktop Stable has been updated to versions 145.0.7632.75/76 for Windows and macOS, while Linux users get version 144.0.7559.75, with the rollout expected to continue over “the coming days/weeks.”

    On February 14, 2026, Opera’s Stable channel update included CVE-2026-2441 in its security highlights for version 127.0.5778.64.

    Vivaldi’s “Minor update (2) for Vivaldi Desktop Browser 7.8” indicates it has been updated to Chromium 144 ESR (144.0.7559.175) and includes the fix for CVE-2026-2441, also stating that there is an active exploit known.

    Checking Your Browser Status

    If you are using Chrome, the quickest way to check your status is to visit the “About” page and confirm that you’re on the updated build (and relaunch when prompted). Because Google’s rollout can be staggered, two devices checked on the same day may still show different point releases until the update process is finished.

    For users of Opera and Vivaldi, the best method is the same: navigate to the browser’s built-in update/About section to ensure you have the versions mentioned above (or newer), and then restart the browser to make sure the updated code is loaded successfully.
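
    The same check can be scripted across an inventory of reported browser versions. This is an added example, not code from Google or the article: the fixed-build table is copied from the versions quoted above, the host names and inventory lines are constructed, and treating a newer major branch as patched is an assumption.

```python
import re

# Fixed builds as quoted in the article above (not an official vendor feed).
FIXED = {
    ("chrome", "windows"): "145.0.7632.75",
    ("chrome", "macos"): "145.0.7632.75",
    ("chrome", "linux"): "144.0.7559.75",
    ("opera", "any"): "127.0.5778.64",
}
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

def parse_version(text):
    """Return the first four-part build number in free text (for example
    the output of `google-chrome --version`) as a tuple, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def status(product, platform, reported):
    """Classify one install as 'patched', 'outdated', 'review' or 'unknown'."""
    fixed = FIXED.get((product, platform)) or FIXED.get((product, "any"))
    seen = parse_version(reported)
    if fixed is None or seen is None:
        return "unknown"      # product not in the table, or no build number
    floor = parse_version(fixed)
    if seen[0] > floor[0]:
        return "patched"      # assumption: later major branches carry the fix
    if seen[0] < floor[0]:
        # Older branch, e.g. Extended Stable: the table has no fixed build
        # for it, so send it to manual review instead of guessing.
        return "review"
    return "patched" if seen >= floor else "outdated"

# Constructed inventory: (host, product, platform, reported version string).
INVENTORY = [
    ("ws-01", "chrome", "windows", "Google Chrome 145.0.7632.76"),
    ("ws-02", "chrome", "windows", "Google Chrome 145.0.7632.45"),
    ("ws-03", "chrome", "windows", "Google Chrome 144.0.7559.220"),
    ("lx-01", "chrome", "linux", "Google Chrome 144.0.7559.60"),
    ("mb-01", "opera", "macos", "127.0.5778.64"),
]

def report(inventory):
    """Map each host to its status."""
    return {host: status(p, o, v) for host, p, o, v in inventory}

if __name__ == "__main__":
    for host, result in report(INVENTORY).items():
        print(f"{host}: {result}")
```

    A host marked "review" is on an older major branch than the table covers and should be compared against that channel's own release notes.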
