Code Defence Cyber security

Google Patches First Actively Exploited Chrome Zero-Day of 2026

Summary: Google has urgently released Chrome version 145 to patch CVE-2026-2441, a high-severity “use-after-free” vulnerability in the CSS engine. This is the first confirmed actively exploited Chrome zero-day of the year. The flaw allows remote attackers to execute arbitrary code within the browser sandbox by convincing a user to visit a specially crafted malicious webpage.

Business Impact: Extreme Endpoint Risk. Chrome is the primary gateway for enterprise SaaS and web activity. Successful exploitation grants attackers a foothold on employee workstations, enabling session hijacking, credential theft, and lateral movement into cloud environments.

Why It Happened: A memory management error in the CSS rendering component allowed malicious HTML/CSS code to reference memory after it had been freed, leading to code execution.

Recommended Executive Action: Force Update. Mandate an immediate restart of all Chrome, Edge, and Brave browsers across the organization to ensure version 145 (or equivalent) is active. For managed fleets, use Intune or Jamf to verify the update status within 24 hours.

Hashtags: #ChromeZeroDay #BrowserSecurity #GoogleChrome #Infosec #PatchNow #CVE20262441
