Google has patched a Zero-day vulnerability in Google Chrome. Severity: HIGH (CVE-2026-2441)

CVSS V3.0 Score: 8.8

Information

   Google Chrome is a web browser developed by Google, built on the Chromium engine for speed, simplicity, and high security. It offers seamless integration with Google services and supports a vast library of extensions, making it the most popular browser worldwide.

   Zero-Day refers to a software or hardware vulnerability that is unknown to the developers or has no available patch at the time of discovery. This leaves developers with "zero days" to fix the issue before it can be exploited by attackers in the wild.

 Incident

  Google (google.com) reported a security incident involving a cyberattack on February 16, 2026. No specific threat actor has been identified as the perpetrator of the exploit at this time. The incident centers on a zero-day vulnerability in the Google Chrome browser that was discovered to be actively used in attacks prior to a patch being available.

   On February 13, 2026, Google released emergency security updates for CVE-2026-2441, a use-after-free bug in the CSS component of the browser. This flaw allows remote attackers to execute code or cause browser crashes. The incident is classified with a severity level of info, and such vulnerabilities typically present risks of unauthorized system access or data corruption if users do not apply updates promptly.

Picture 1: Google Chrome version screen after the zero-day patch update.

Notably, the commit message indicates that while the CVE-2026-2441 patch addresses "the immediate problem," there is still "remaining work" tracked in bug 483936078, suggesting the fix may be temporary or that related issues have yet to be fully resolved.

Impact

  For users of Google Chrome and other Chromium-based browsers, this incident introduces risks of arbitrary code execution and service disruption. If exploited, attackers could potentially gain unauthorized access to browser sandboxes or cause severe instability, leading to application crashes. There is a possibility that sensitive session data or credentials could be compromised if a user visits a malicious HTML page designed to trigger the flaw.

Recommendation

  1. Users are advised to update their Chrome browser to versions 145.0.7632.75/76 for Windows and Apple macOS, and 144.0.7559.75 for Linux.
  2. Users of other Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi, are also advised to apply the fixes as and when they become available.
  3. Users should exercise caution when clicking links from unknown emails or visiting untrusted (non-HTTPS) websites. This prevents accidental exposure to pages specifically crafted to exploit the CSS component flaw.
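To check a fleet against recommendation 1, the following added example (not part of the original advisory) classifies Google Chrome installs against the fixed builds listed above. The inventory rows and hostnames are constructed, and other Chromium-based browsers are out of scope because they use their own version numbers.

```python
# First fixed Google Chrome build per platform, as listed in the recommendation.
FIXED = {
    "windows": (145, 0, 7632, 75),
    "macos": (145, 0, 7632, 75),
    "linux": (144, 0, 7559, 75),
}

def parse_version(text):
    """Turn '145.0.7632.75' into (145, 0, 7632, 75); None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def status(platform, version_text):
    """Classify one install as 'patched', 'vulnerable' or 'unknown'."""
    fixed = FIXED.get(platform.lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # unlisted platform or unparsable version: check by hand
    # Compare numerically, field by field: as strings, "9" would sort above "75".
    return "patched" if version >= fixed else "vulnerable"

def needs_attention(inventory):
    """Return (host, status) for every install not confirmed patched."""
    results = ((host, status(plat, ver)) for host, plat, ver in inventory)
    return [(host, state) for host, state in results if state != "patched"]

# Constructed sample inventory; hostnames are hypothetical.
INVENTORY = [
    ("ws-101", "Windows", "145.0.7632.76"),
    ("ws-102", "Windows", "145.0.7632.9"),
    ("mac-07", "macOS", "144.0.7559.75"),
    ("lnx-03", "Linux", "144.0.7559.75"),
    ("lnx-04", "Linux", "144.0.7559.74"),
    ("kiosk-1", "ChromeOS", "145.0.7632.75"),
]

if __name__ == "__main__":
    for host, state in needs_attention(INVENTORY):
        print(f"{host}: {state}")
```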

 The important thing is security systems. We must stay vigilant and keep monitoring as usual.

Weekly Interesting CVE

| No. | CVE Name | Published Date | Last Update | Device/Application/OS Target | Attack Type | CVSS Severity Rating | Detail | Solution | Reference |
|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2026-2441 | 13/02/2026 | 14/02/2026 | Chrome versions prior to 145.0.7632.75 on Windows/Mac | Use-After-Free | 8.8 | A use-after-free vulnerability in Google Chrome's CSS engine, in which memory is still used through a dangling pointer after it has been released, lets attackers use specially crafted HTML pages to execute arbitrary code within a sandbox (remote code execution). Even inside the sandbox, this could lead to more sophisticated attacks when combined with other vulnerabilities. | Windows / macOS: Chrome 145.0.7632.75 and 145.0.7632.76 | https://app.opencve.io/cve/CVE-2026-2441 |
| 2 | CVE-2025-7195 | 8/7/2025 | 16/02/2026 | Operator-SDK versions prior to 0.15.2 | Privilege Escalation | 5.2 | The Operator-SDK provides an insecure method to allow Operator containers to run in environments using random UIDs. Versions prior to 0.15.2 included a user_setup script that modified the /etc/passwd file permissions to 664 during image build. In affected images, the /etc/passwd file is created with group write permissions and the owner group is root (gid=0). An attacker capable of executing commands within the affected container, even as a non-root user, could exploit root group membership to modify the /etc/passwd file. | Update the Operator-SDK to version 0.15.2 or higher. | https://app.opencve.io/cve/CVE-2025-7195 |
| 3 | CVE-2026-1841 | 13/02/2026 | 13/02/2026 | PixelYourSite – Your smart PIXEL (TAG) & API Manager plugin for WordPress, versions prior to 11.2.0 | Cross-Site Scripting (XSS) | 7.2 | The PixelYourSite plugin version 11.2.0 and earlier has a vulnerability in which two parameters (pysTrafficSource and pys_landing_page) are not properly sanitized on input or escaped on output. This enables unauthenticated attackers to embed JavaScript code into web pages, which is then executed every time a page is visited. | Update to version 11.2.0.1 or later. | https://app.opencve.io/cve/CVE-2026-1841 |
| 4 | CVE-2026-24853 | 13/02/2026 | 13/02/2026 | Caido before version 0.55.0 | Access Control Bypass | 8.1 | Prior to version 0.55.0, Caido attempted to block domains not on the whitelist from connecting via port 8080, but this could be bypassed by inserting headers such as `X-Forwarded-Host: 127.0.0.1:8080`, allowing unauthorized attackers to access the protected endpoint. | Update Caido to version 0.55.0 or later. | https://app.opencve.io/cve/CVE-2026-24853 |
| 5 | CVE-2026-1306 | 14/02/2026 | 14/02/2026 | midi-Synth plugin for WordPress versions prior to 1.1.0 | Unrestricted File Upload | 9.8 | A vulnerability found in the midi-Synth plugin for WordPress arises from the plugin's failure to properly check file types and extensions in the AJAX function named `export`. This allows attackers to upload any file to the affected website's server without prior login and could lead to remote code execution under certain conditions (e.g., the attacker could obtain a nonce value displayed in front-end JavaScript). | There is no patch update yet. | https://app.opencve.io/cve/CVE-2026-1306 |
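For the CVE-2025-7195 entry above, this added example (not Operator-SDK code) audits a container root filesystem exported as a tar archive, where the recorded mode and group of /etc/passwd survive even when the archive is inspected by a non-root user. The in-memory archive is constructed sample data, and the function names are hypothetical.

```python
import io
import posixpath
import stat
import tarfile

def passwd_finding(mode, gid):
    """Classify /etc/passwd permission bits against the pattern described above."""
    if mode & stat.S_IWOTH:
        return "world-writable"
    if mode & stat.S_IWGRP:
        # Mode 664 with owner group root (gid 0) is the affected-image pattern:
        # any process that is a member of the root group can edit the file.
        return "root-group-writable" if gid == 0 else "group-writable"
    return "ok"

def audit_rootfs_tar(fileobj):
    """Find etc/passwd in a root-filesystem tar and classify it."""
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:  # metadata only; nothing is extracted to disk
            name = posixpath.normpath(member.name).lstrip("/")
            if name == "etc/passwd" and member.isfile():
                return passwd_finding(member.mode & 0o7777, member.gid)
    return "missing"

def sample_rootfs(mode, gid):
    """Constructed sample: an in-memory rootfs tar holding only etc/passwd."""
    data = b"root:x:0:0:root:/root:/bin/sh\n"
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        info = tarfile.TarInfo("./etc/passwd")
        info.size, info.mode, info.gid = len(data), mode, gid
        tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for mode, gid in [(0o664, 0), (0o644, 0), (0o664, 1000)]:
        print(oct(mode), gid, audit_rootfs_tar(sample_rootfs(mode, gid)))
```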

 

 



Malware News or Campaign IOC/IOA | EN

| No | Campaign Name | Detection Date | Attack Type | Description | Mitigation/Remediation |
|---|---|---|---|---|---|
| 1 | Fake 7-Zip website distributes trojanized installer, turns PCs into proxy nodes | 11/02/2026 | Phishing | As reported by Bleeping Computer, a malicious campaign is actively distributing a trojanized installer for the popular 7-Zip archiving tool through a fake website designed to trick users into downloading malware. The fraudulent website at 7zip[.]com impersonates the legitimate 7-Zip project and mimics the original site's structure and text. Researchers at Malwarebytes discovered that the installer, digitally signed with a revoked certificate, contains the actual 7-Zip program alongside three malicious files: Uphero.exe, hero.exe, and hero.dll. These components establish a Windows service, modify firewall rules to allow network connections, and profile the system's hardware and network characteristics. The campaign also utilizes trojanized installers for other popular software like HolaVPN, TikTok, and WhatsApp. | Avoid clicking links from untrusted or unexpected sources; download software only from official sources; keep systems and software up to date |

Ref: https://www.scworld.com/brief/fake-7-zip-website-distributes-trojanized-installer-turns-pcs-into-proxy-nodes
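The behaviour described for this campaign can be turned into a triage rule. The following added example (not from the cited report) correlates the three reported file names with service-installation and firewall-rule events per host. The event schema (`host`, `kind`, `path`), hostnames and directories are assumptions constructed for the example.

```python
import ntpath
from collections import defaultdict

# File names reported for this campaign (from the description above).
DROPPED = {"uphero.exe", "hero.exe", "hero.dll"}

def triage(events):
    """Return {host: 'high' | 'medium'} for hosts matching the campaign pattern."""
    dirs = defaultdict(lambda: defaultdict(set))  # host -> directory -> names seen
    followups = defaultdict(set)                  # host -> follow-up behaviours seen
    for ev in events:
        path = ev["path"].lower()
        if ntpath.basename(path) not in DROPPED:
            continue
        if ev["kind"] == "file_create":           # e.g. Sysmon event ID 11
            dirs[ev["host"]][ntpath.dirname(path)].add(ntpath.basename(path))
        elif ev["kind"] in ("service_install", "firewall_rule_add"):
            followups[ev["host"]].add(ev["kind"])
    verdicts = {}
    for host, by_dir in dirs.items():
        # A lone generic name such as hero.exe is weak evidence, so require at
        # least two of the three names to appear in the same directory.
        if max(len(names) for names in by_dir.values()) < 2:
            continue
        verdicts[host] = "high" if followups[host] else "medium"
    return verdicts

# Constructed sample events; hosts and directories are hypothetical.
SAMPLE_EVENTS = [
    {"host": "pc-01", "kind": "file_create", "path": r"C:\ProgramData\sample\Uphero.exe"},
    {"host": "pc-01", "kind": "file_create", "path": r"C:\ProgramData\sample\hero.exe"},
    {"host": "pc-01", "kind": "file_create", "path": r"C:\ProgramData\sample\hero.dll"},
    {"host": "pc-01", "kind": "service_install", "path": r"C:\ProgramData\sample\Uphero.exe"},
    {"host": "pc-01", "kind": "firewall_rule_add", "path": r"C:\ProgramData\sample\hero.exe"},
    {"host": "pc-02", "kind": "file_create", "path": r"D:\Games\quest\hero.exe"},
    {"host": "pc-03", "kind": "file_create", "path": r"C:\Temp\a\hero.exe"},
    {"host": "pc-03", "kind": "file_create", "path": r"C:\Temp\a\hero.dll"},
]

if __name__ == "__main__":
    for host, level in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, level)
```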

25 February 2026
