Google patches first Chrome zero-day of the year - so update now or face attack

A worrying Google Chrome bug was patched

News By Sead Fadilpašić published 16 February 2026

• Copy link
• Facebook
• X
• Whatsapp
• Reddit
• Pinterest
• Flipboard
• Threads
• Email

Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Tech Radar Get the TechRadar Newsletter

Sign up for breaking news, reviews, opinion, top tech deals, and more.

Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors

By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

You are now subscribed

Your newsletter sign-up was successful

An account already exists for this email address, please log in. Subscribe to our newsletter

• Google patches Chrome zero-day CVE-2026-2441, a “use after free” bug in CSS
• Exploit allowed arbitrary code execution via crafted HTML pages, actively abused in the wild
• Update to Chrome 145.0.7632.75/76 (Windows/Mac) or 144.0.7559.75 (Linux) to stay protected

Google has patched a high-severity vulnerability in the Chrome browser which was apparently being used as a zero-day in the wild.

In a security advisory, Google said it addressed CVE-2026-2441, a “use after free in CSS in Google Chrome prior to 145.0.7632.75”. This bug, given a severity score of 8.3/10 (high), allows threat actors to execute arbitrary code inside a sandbox via a crafted HTML page.

Usually, Google would push all Chrome updates automatically, so if you haven’t disabled automatic updates, just restart the browser and make sure it’s running 145.0.7632.75/76 for Windows and MacOS, or 144.0.7559.75 for Linux.

First zero-day of 2026

If you have disabled automatic updates, make sure to open Chrome, click the three dots in the top-right corner, and navigate to Help - About Google Chrome. On this page, the browser will automatically start checking for updates and will download and prompt you to relaunch it.

Since the bug is being actively exploited, make sure to apply the fix as soon as possible.

"Google is aware that an exploit for CVE-2026-2441 exists in the wild," Google said in a security advisory. It did not say who the victims were, how the bug was leveraged, or who the attackers were. It said it was consciously withholding this information until the majority of browsers were patched, not to give other threat actors any advantages.

According to BleepingComputer, this is the first actively exploited Chrome vulnerability patched since the start of the year. The publication also stressed that the company patched eight zero-days last year, many of which were leveraged by state-sponsored threat actors.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsors