Google Chrome’s latest emergency update patches CVE‑2026‑2441, a high‑severity use‑after‑free flaw in the browser’s CSS engine that allowed remote code execution. The vulnerability was already being weaponised in the wild, but the new builds—145.0.7632.75/76 for Windows/macOS and 144.0.7559.75 for Linux—close the attack path. Updating now eliminates the risk. If you run an older version, you remain exposed to credential theft or ransomware deployment.
Understanding CVE‑2026‑2441: A Chrome CSS Use‑After‑Free Bug
How the Vulnerability Works
The bug lives inside Chrome’s CSS processing engine. A crafted style sheet frees a memory object, then reuses the dangling pointer, corrupting internal browser state. Because Chrome’s sandbox normally isolates web content, breaking out of it lets an attacker execute arbitrary code on the victim’s machine.
Real‑World Exploitation
Threat actors have already delivered malicious HTML pages that trigger the flaw. Once the exploit runs, it can install additional payloads, steal credentials, or pivot to other systems in the network. That’s why the issue was added to the U.S. Cybersecurity and Infrastructure Security Agency’s “Known Exploited Vulnerabilities” catalog.
Google’s Emergency Update Details
Affected Versions and Patch Numbers
Google released the following patched builds:
- Windows & macOS: Chrome 145.0.7632.75 and 145.0.7632.76
- Linux: Chrome 144.0.7559.75 or later
These versions close the use‑after‑free path in the CSS engine and restore sandbox integrity.
Deploying the Fix Across Your Organization
To ensure every endpoint is protected, follow these steps:
- Verify current Chrome version via chrome://settings/help.
- Use your software‑distribution tool to push the patched builds.
- Configure a compliance rule that flags any device still reporting a pre‑patched version.
- Schedule regular audits to confirm the updates remain in place.
Why You Should Patch Immediately
Potential Impact on Users and Enterprises
Chrome commands roughly 65 % of the desktop market share, and its engine powers many Electron apps and Android WebView components. A successful exploit can give an adversary a foothold on a single machine, which may lead to credential theft, ransomware deployment, or broader espionage campaigns. Even a single malicious web page could jeopardise an entire organization.
Best Practices for Ongoing Browser Security
Beyond applying this emergency patch, keep Chrome up to date automatically, monitor web traffic for unusual CSS patterns, and enforce strict endpoint‑detection policies. Regularly reviewing browser versions and applying security‑focused configuration baselines will reduce the attack surface and keep you one step ahead of emerging threats.
