Google has released Chrome 145.0.7632.75/76 for Windows and Mac, and 144.0.7559.75 for Linux, addressing a high-severity use-after-free vulnerability (CVE-2026-2441) in CSS that is actively exploited in the wild.
Google has rolled out a critical security update to the Chrome Stable channel, addressing a high-severity vulnerability that is currently being exploited in real-world attacks. The update brings Chrome to version 145.0.7632.75/76 for Windows and Mac users, while Linux users receive version 144.0.7559.75.
Critical Vulnerability Patched
The security fix addresses CVE-2026-2441, a use-after-free vulnerability in Chrome's CSS engine. This type of vulnerability occurs when a program continues to use a memory pointer after the memory it points to has been freed, potentially allowing attackers to execute arbitrary code or cause denial-of-service conditions.
Google has confirmed that an exploit for this vulnerability exists in the wild, making immediate updating essential for all Chrome users. The vulnerability was reported by security researcher Shaheen Fazim on February 11, 2026.
Security Infrastructure at Work
Google highlighted the sophisticated security infrastructure that helps identify these vulnerabilities before they reach stable releases. The company employs multiple detection tools including:
- AddressSanitizer
- MemorySanitizer
- UndefinedBehaviorSanitizer
- Control Flow Integrity
- libFuzzer
- AFL (American Fuzzy Lop)
These tools form a comprehensive defense-in-depth strategy that catches memory corruption issues and undefined behaviors during the development process.
Update Deployment
The update will roll out gradually over the coming days and weeks to ensure stability across the massive user base. Chrome's phased deployment strategy helps prevent widespread issues by monitoring the update's performance before full distribution.
Users can manually check for updates by navigating to Chrome's settings menu and selecting "About Chrome," or by typing chrome://settings/help in the address bar. Chrome will automatically download and install the update when available.
Security Research Recognition
Google acknowledged the ongoing collaboration with security researchers who work to identify and report vulnerabilities before they can be exploited. This partnership between tech companies and the security research community remains crucial for maintaining browser security.
Protection Recommendations
While Chrome updates automatically by default, users should verify they're running the latest version, especially given the active exploitation of this vulnerability. The update process typically requires a browser restart to complete installation.
For organizations managing Chrome deployments, Google recommends prioritizing this update through administrative channels to ensure all systems receive the security patch promptly.
Broader Security Context
This release underscores the ongoing challenge of securing complex web browsers that serve as gateways to the internet for billions of users. Use-after-free vulnerabilities remain a persistent threat in modern software, requiring constant vigilance and rapid response from browser vendors.
Chrome's security team continues to balance the need for rapid vulnerability patching with the stability requirements of enterprise users, implementing a measured rollout approach that protects both security and reliability.
Users experiencing issues with the update or discovering new security concerns can report them through Chrome's bug filing system or seek assistance through the community help forum.
The Chrome Security Page provides additional details about security practices and vulnerability disclosure policies for users seeking more information about browser security measures.
Comments
Please log in or register to join the discussion