Find notable cyber news and cases, enriched with sources, timelines, and signals.

Chrome CSS use-after-free security flaw (CVE-2026-2441)

Vulnerability
First reported
Last updated
Happening score
H score 51
2 unique sources, 2 articles

Summary

Hide ▲

Chrome is being patched for CVE-2026-2441, a high-severity use-after-free zero-day in the browser’s CSS component that was exploited in the wild. The emergency fix affects Windows, Mac, and Linux builds, and the flaw could let a user be lured to a malicious website that triggers browser code execution. Even with the browser sandbox in place, the bug raises risk of session theft, data theft, and further attacks.

Related Happenings

Chrome V8 JavaScript engine out-of-bounds read/write zero-day exploited in the wild (CVE-2026-11645)

Vulnerability
H score45 First: 09.06.2026 09:56 Last: 09.06.2026 09:56 Sources 1

About this happening: **Google** has patched **CVE-2026-11645**, a **Chrome V8 JavaScript engine** zero-day that was **exploited in the wild** and could let remote attackers run code inside the browser...

Chromium JavaScript background RCE flaw

Vulnerability
H score16 First: 21.05.2026 21:13 Last: 21.05.2026 21:13 Sources 1

About this happening: The unfixed **Chromium** flaw keeps **JavaScript** running after the browser is closed, creating **remote code execution** risk across **Chromium-based browsers**. A malicious sit...

Google overhauls Android and Chrome bug bounty programs

Commercial Activity
H score0 First: 05.05.2026 14:24 Last: 05.05.2026 14:24 Sources 1

About this happening: **Google** overhauls its **Android and Chrome** vulnerability rewards programs, reshaping payout tiers for **exploit research** and raising top rewards to **$1.5 million**. The ch...

Google Chrome 146 adds Device Bound Session Credentials to block session-cookie theft

Security Tool/Service
H score11 First: 09.04.2026 21:33 Last: 09.04.2026 21:33 Sources 1

About this happening: Google has rolled out **Device Bound Session Credentials (DBSC)** in **Chrome 146 for Windows**, binding sessions to device hardware to blunt **infostealer malware** that steals s...

Chrome/Dawn actively exploited use-after-free flaw (CVE-2026-5281)

Vulnerability
H score1 First: 01.04.2026 13:25 Last: 01.04.2026 13:25 Sources 1

About this happening: **Google Chrome Stable Desktop** on **Windows, macOS, and Linux** is getting an **emergency fix** for **CVE-2026-5281**, a **use-after-free** flaw in **Dawn/WebGPU**. Google says...

Timeline

  1. 16.02.2026 09:54 2 articles · 4mo ago

    Shaheen Fazim reports CVE-2026-2441 to Google

    Initial Disclosure

    Shaheen Fazim reported CVE-2026-2441 to Google on February 11, identifying a high-severity use-after-free vulnerability in Chrome’s CSS component. Google later credited the researcher for responsibly disclosing the flaw.

    Show sources
  2. 16.02.2026 09:54 1 articles · 4mo ago

    Google ships emergency Chrome fix for CVE-2026-2441

    Mitigation Patch Update

    Google released emergency Chrome builds 145.0.7632.75/76 for Windows/Mac and 144.0.7559.75 for Linux on February 16 to fix CVE-2026-2441 after confirming that an exploit exists in the wild. Google warned that a malicious website could trigger browser code execution, with sandbox escape likely requiring an additional vulnerability.

    Show sources