Urgent Update for Chrome Users After High-Risk Security Bug Detected in Ongoing Attacks

It's been identified as CVE-2026-2441. vulnerability is a bug that allows users to use after free

within the web browser's Chrome zero-day CVE-2026-2441. It was discovered by an

independent researcher Shaheen Fazim only 5 days earlier on the 11th of February 2026.

The company has disclosed the problem in its most recent Stable Channel update highlighting

the possibility of exploits and advising users to upgrade immediately to avoid risk.

Chrome versions that were not updated with Google Chrome security patch are still vulnerable

to attacks on remote code execution which could allow attackers to exploit vulnerability to

memory loss and execute any malware through malicious web pages.

Use-after-free vulnerabilities like this one typically result from poor lifecycle management of

objects in rendering engines, which allows free memory to be accessed after deallocation.

Wild attackers have weaponized CVE-2026-2441, possibly linking it to other primitives to

escape sandboxes and privilege increase in Windows, macOS, and Linux systems. Google kept

the full information about the bug until users have updated and adhered to its policy to prevent

flaws from being exploited.

Companies should prioritise the patching of Chrome deployments, and look for signs of

compromise, such as abnormal network traffic Google websites, as well as then monitor CISA's

catalog of known exploited vulnerabilities for advisories from the federal government.

This is the second CERT-In Chrome warning India, which highlights the ongoing challenges

to rendering engine security in the wake of increasing threats from the nation state and financial

motives that target browsers.

There are no specific IOCs are yet available, however threat actors might spread exploits through

websites that are compromised or phishing.