Google Chrome, Use After Free, CVE-2026-2441 (High)

Listen to this Post

The CVE-2026-2441 vulnerability is a high-severity use-after-free flaw found in the CSS component of Google Chrome versions prior to 145.0.7632.75 . A use-after-free occurs when a program continues to reference memory after it has been freed, which can lead to program crashes or, in this case, allow an attacker to execute arbitrary code . This specific bug in the CSS font value processor could be triggered by convincing a user to visit a specially crafted HTML page . Once triggered, the flaw allows a remote attacker to execute arbitrary code, although it is contained within Chrome’s sandbox . Discovered by researcher Shaheen Fazim on February 11, 2026, Google confirmed that an exploit for this vulnerability exists in the wild, making it the first actively exploited Chrome zero-day of 2026 .

DailyCVE Form:

Platform: Chrome/Chromium browsers
Version: prior 145.0.7632.75
Vulnerability : Use After Free
Severity: High (CVSS 8.8)
date: February 11, 2026

Prediction: Patch already released

What Undercode Say:

Analytics:

Check Chrome Version (Linux)
google-chrome --version
Check Chrome Version (macOS)
/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --version
Check Chrome Version (Windows - from CMD)
reg query "HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon" /v version
Grep for CVE in system logs (hypothetical)
sudo journalctl | grep -i "CVE-2026-2441"
Hypothetical script to check User-Agent strings for vulnerable versions
import requests
response = requests.get('https://example.com', headers={'User-Agent': 'Mozilla/5.0...'})
server_version = response.headers.get('X-Chrome-Version') Not a real header, for illustration
if server_version and server_version < '145.0.7632.75':
print(f"Potential vulnerability (CVE-2026-2441) detected: Version {server_version}")

How Exploit:

1. Attacker crafts malicious HTML page .

2. Exploit targets CSS font value iterator .

3. Triggers use-after-free in memory .

4. Achieves arbitrary code execution .

Protection from this CVE:

  • Update Chrome immediately .
  • Enable automatic browser updates .
  • Apply Chromium browser patches .
  • Exercise caution with links .

Impact:

  • First 2026 Chrome zero-day .
  • Remote code execution possible .
  • Active wild exploitation confirmed .

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: www.cve.org
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top