Google has rushed out an emergency security update for its Chrome browser after discovering that hackers are actively exploiting a serious flaw. This is the first zero-day vulnerability patched in 2026.
The issue, tracked as CVE-2026-2441, is what security experts call a zero-day. That means attackers found and used the flaw before Google had a chance to fix it. In a security advisory, Google confirmed it is aware that an exploit for the vulnerability exists in the wild.
What Was the Problem?
A bug with use-after-free vulnerabilities means that the browser attempts to access memory already invalidated from use by the browser, which causes crashes, display issues, loss of data/retry data and random behaviour.
The issue was discovered from how Chrome parses certain font properties in web pages, as reported by an independent researcher (Shaheen Fazim). According to Google’s internal Chromium revision history information, the issue stemmed from an issue involving the iterators of some of the components within the CSSFontFeatureValuesMap class.
Google’s patch is focused on addressing the immediate issues, as internal notes have indicated that there is still work to be done on the related issues beyond providing a patch to prevent ongoing active exploits. Further enhancements to the Axis and Cross Behaviour Points delivery system will occur.
Why This Update Matters
When Google labels a patch as “cherry-picked,” it usually means the fix has been pulled into the current stable version quickly instead of waiting for the next major release. That typically happens when a vulnerability is serious and already being exploited.
Although Google confirmed that attackers are using this flaw, it has not shared details about how the attacks are being carried out or who is being targeted. The company often limits such information until most users have installed the update. This reduces the risk of copycat attacks.
Who Is Affected?
The update is rolling out to users on Windows, macOS, and Linux through the Stable Desktop channel. The latest versions include:
- Windows and macOS: 145.0.7632.75 / 145.0.7632.76
- Linux: 144.0.7559.75
The rollout will happen gradually over days or weeks, depending on your system and region.
What You Should Do
If you use Chrome, it’s important to update as soon as possible.
You can manually check by:
- Opening Chrome
- Clicking the three dots in the top-right corner
- Going to Help > About Google Chrome
Chrome will automatically check for updates and install them. You may need to restart the browser to complete the process.
If you prefer, you can also allow Chrome to update automatically and apply the fix the next time you relaunch the browser.
While this is the first actively exploited Chrome zero-day fixed in 2026, Google dealt with eight such vulnerabilities in 2025.
For more such tech news, tips, and updates, keep coming back to Devicology and share this information with your friends.
Also Read: Acer And ASUS Face Sales Ban In Germany After Nokia HEVC Patent Verdict
