Update now! Chrome update closes exploited vulnerability
Google released an emergency update for the Chrome web browser over the weekend. It closes a vulnerability that is already being exploited.
(Image: heise online / dmk)
Google released an out-of-band update for its Chrome web browser on Friday evening. With it, the developers are closing a security vulnerability that is already being exploited in the wild.
The vulnerability entry CVE-2026-2441 does not provide many details about the security flaw. "A use-after-free vulnerability in the CSS processing in Google Chrome prior to version 145.0.7632.75 allows an attacker to execute arbitrary code within a sandbox via a crafted HTML page," describes the Chrome project the problem (CVE-2026-2441, CVSS 8.8, Risk "high"). In such a vulnerability, the program code accesses resources that have already been freed again, the content of which is undefined. This usually causes a crash, but can also lead to the execution of injected malicious code.
According to the Chrome Release Announcement, versions 144.0.7559.75 for Linux, 145.0.7632.75/76 for macOS and Linux, and the Extended Stable version 144.0.7559.177 for macOS and Windows are no longer vulnerable to the security flaw.
Reported Wednesday, Fixed Friday
The security leak was reported to Google by Shaheen Fazim on Wednesday, February 11, 2026, and the developers released the update into software distribution on the evening of February 13. "Google is aware that an exploit for CVE-2026-2441 exists in the wild," the company states in the release announcements. Google remains silent on how exactly the attacks look, who they target, and to what extent they are occurring.
Videos by heise
The update can be initiated via the internal update mechanism. By clicking on the icon with the three stacked dots to the right of the address bar and then selecting "Help," you will find the "About Google Chrome" option. This displays the currently running software version and, if necessary, starts the update process. On Linux, calling the distribution's software manager is usually required for the update. As other webbrowsers like Microsoft Edge use the Chromium code base, updates for these should also be available soon. Users are advised to install them as soon as possible.
During the night before Thursday this week, Google released development branch 145 of Chrome. In it, the programmers have already fixed three high-risk vulnerabilities and eight with lower risk ratings.
(dmk)
