Unrated severityCISA KEVNVD Advisory· Published Feb 13, 2026· Updated Feb 26, 2026
CVE-2026-2441
CVE-2026-2441
Description
Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6- osv-coords4 versionspkg:apk/chainguard/chromiumpkg:apk/wolfi/chromiumpkg:rpm/opensuse/chromium&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweed
< 144.0.7559.109-r2+ 3 more
- (no CPE)range: < 144.0.7559.109-r2
- (no CPE)range: < 144.0.7559.109-r2
- (no CPE)range: < 145.0.7632.75-bp160.1.1
- (no CPE)range: < 145.0.7632.45-1.1
Patches
Vulnerability mechanics
References
2News mentions
7- ⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and MoreThe Hacker News · Jun 15, 2026
- Google Chrome 0-Day Vulnerability Exploited in the Wild — Update NowCyber Security News · Jun 9, 2026
- Chrome's zero-day Whac-A-Mole continues with fifth exploited bug of the yearThe Register Security · Jun 9, 2026
- Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch NowThe Hacker News · Jun 9, 2026
- Google patches Chrome zero-day exploited in the wild (CVE-2026-11645)Help Net Security · Jun 9, 2026
- Google patches new Chrome zero-day flaw exploited in the wildBleepingComputer · Jun 9, 2026
- Google Patches 5th Chrome Zero-Day Exploited in 2026SecurityWeek · Jun 9, 2026