New Chrome Zero-Day (CVE-2026-2441) Under Active Attack

New Chrome Zero-Day (CVE-2026-2441) Under Active Attack — Patch Released
好的，我现在需要帮用户总结一篇文章的内容，控制在100个字以内。用户已经提供了文章的英文内容，并且希望直接写描述，不需要特定的开头。首先，我得通读整篇文章，抓住主要信息。文章讲的是Google发布了Chrome浏览器的安全更新，修复了一个被利用的高危漏洞CVE-2026-2441。这个漏洞是CSS中的use-after-free错误，由安全研究员Shaheen Fazim发现。Google没有透露攻击者是谁或目标是谁，但承认漏洞在野外被利用。同时，苹果最近也修复了类似的零日漏洞。接下来，我需要把这些信息浓缩到100字以内。重点包括：Google修复Chrome漏洞，漏洞被利用，CVSS评分8.8，影响版本及建议更新。可能的结构是：Google发布Chrome安全更新修复高危零日漏洞CVE-2026-2441（CVSS 8.8），该漏洞已被野外利用。建议用户更新至指定版本以确保安全。检查一下是否在100字以内，并且没有使用不需要的开头。 </think> Google发布Chrome安全更新修复高危零日漏洞CVE-2026-2441（CVSS 8.8），该漏洞已被野外利用。建议用户更新至指定版本以确保安全。 2026-2-16 06:38:0 Author: thehackernews.com(查看原文) 阅读量:0 收藏

Zero-Day / Browser Security

Google on Friday released security updates for its Chrome browser to address a security flaw that it said has been exploited in the wild.

The high-severity vulnerability, tracked as CVE-2026-2441 (CVSS score: 8.8), has been described as a use-after-free bug in CSS. Security researcher Shaheen Fazim has been credited with discovering and reporting the shortcoming on February 11, 2026.

"Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page," according to a description of the flaw in the NIST's National Vulnerability Database (NVD).

Google did not disclose any details about how the vulnerability is being exploited in the wild, by whom, or who may have been targeted, but it acknowledged that "an exploit for CVE-2026-2441 exists in the wild."

While Google Chrome is no stranger to actively exploited vulnerabilities, the development once again highlights how browser-based flaws are an attractive target for malicious actors, given that they are installed everywhere and expose a broad attack surface.

The disclosure of CVE-2026-2441 makes it the first actively exploited zero-day in Chrome that Google has patched in 2026. Last year, the tech giant addressed eight zero-day flaws in Chrome that were either actively exploited or demonstrated as a proof-of-concept (PoC).

Last week, Apple also shipped iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to address a zero-day flaw (CVE-2026-20700, CVSS score: 7.8) that had been weaponized as a zero-day to execute arbitrary code on susceptible devices as part of an "extremely sophisticated attack" targeting specific individuals who were running iOS devices running versions before iOS 26.

For optimal protection, users are advised to update their Chrome browser to versions 145.0.7632.75/76 for Windows and Apple macOS, and 144.0.7559.75 for Linux. To make sure the latest updates are installed, users can navigate to More > Help > About Google Chrome and select Relaunch.

Users of other Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi, are also advised to apply the fixes as and when they become available.

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.

文章来源: https://thehackernews.com/2026/02/new-chrome-zero-day-cve-2026-2441-under.html
如有侵权请联系:admin#unsafe.sh