Google has released a security update to patch a newly discovered zero-day in Chrome and the company warned an exploit exists in the wild.
The update, published on February 13, was accompanied by an advisory on CVE-2026-2441, a high severity security vulnerability in Google Chrome for desktop on Windows, Mac and Linux.
As detailed by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD), the bug originated from an issue in Cascading Style Sheets (CSS) allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Google has not provided specific details about CVE-2026-2441 and said, “Access to bug details and links may be kept restricted until a majority of users are updated with a fix.”
The tech giant also confirmed that it “is aware that an exploit for CVE-2026-2441 exists in the wild.”
Discovery of the vulnerability was credited to security researcher, Shaheen Fazim, who reported it on February 11. Google released the security update just two days later.
New security vulnerabilities regularly emerge in browsers. During 2025 Google released eight emergency patches to protect Chrome against new exploits which were actively being abused by attackers.
While security patches to protect against new vulnerabilities are often quickly released, if left unpatched they provide attackers with a commonly exploited point of entry for cyber-attacks against the enterprise.
Image credit: Thaspol Sangsee / Shutterstock.com