Google Amends Chrome with the First Important Security Fix in 2026 (CVE-2026-2441)

Patch your Chrome browser! Google has issued a security update to address a serious security flaw that hackers are already exploiting.

“The Stable channel has been updated to 145.0.7632.75/76 for Windows/Mac  and 144.0.7559.75 for Linux, which will roll out over the coming days/weeks,” the Chrome Releases blog said in a Friday post.

The update is solely destined to patch a security flaw – one that users should take seriously if Google’s wording is any indication.

An exploit exists in the wild

The vulnerability, tracked as CVE-2026-2441, is described as a “use after free” issue in CSS. Use-after-free issues can be exploited for heap corruption, which attackers can leverage to compromise a target – typically by directing the victim to a malicious website through phishing or malvertising.

Google credits researcher Shaheen Fazim for discovering and reporting the issue. As usual, Google is restricting access to bug details “until a majority of users are updated with a fix.”

According to the advisory, “Google is aware that an exploit for CVE-2026-2441 exists in the wild.”

The bug’s severity is rated “high” by the NIST National Vulnerability Database.

Patch today!

As we regularly warn, even if you’re not a high-risk person, it’s always a good idea to stay up to date with the latest security patches – you never know when you might become a target.

As a rule of thumb, avoid clicking on suspicious links in emails or on websites, as they could lead to compromised sites exploiting a vulnerability on your end.

As of today, you want to be on Chrome 145.0.7632.75/76 on Windows and Mac and Chrome 144.0.7559.75 on Linux.

The mobile versions of Chrome are apparently unaffected, as Google makes no mention of the same updates being delivered to Android and iOS users. However, Google sometimes takes a while before announcing the mobile updates.

Note: Android releases contain the same security fixes as their corresponding Desktop releases, unless otherwise noted. If you use Chrome on your Android phone, be sure to update when Google warns of a weakness actively exploited by threat actors.

The desktop version of Chrome automatically checks for the latest version every time it relaunches. If you haven’t closed Chrome in a while, you can start the process manually. Visit the three-dotted options menu, choose Settings -> About Chrome, and let the browser fetch the latest version from Google’s servers. When prompted, relaunch Chrome.

For peace of mind, run a dedicated security solution on all your personal devices.

You may also want to read:

iOS 26.3 Fixes an Important Security Flaw Exploited in Targeted Hacker Attacks. Update Now!

Google to Pay $68 Million to Settle Android ‘Eavesdropping’ Claims

Europe Slaps Tech Sector with €1.2 Billion in Fines under GDPR in 2025