Vulnerability Management

Google releases emergency Chrome update for zero-day exploit

Novel Chrome extension-exploiting attack covertly hijacks devices. (Adobe Stock)

Google has issued an emergency update to address a critical vulnerability in its Chrome browser, CVE-2026-2441, which has been actively exploited in the wild. This marks the first zero-day vulnerability patched in Chrome this year, as reported by Bleeping Computer.

The vulnerability, a use-after-free bug in Chrome's implementation of CSS font feature values, was discovered by security researcher Shaheen Fazim. Successful exploitation could lead to browser crashes, rendering issues, or data corruption. Google has confirmed an exploit exists in the wild but has not disclosed specific details about the attacks or targeted entities.

While the patch addresses the immediate problem, Google notes that further work is required, suggesting potential related issues may still exist. The update is rolling out to Windows, macOS, and Linux users on the Stable Desktop channel.

Source: Bleeping Computer

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds