AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

🔥 This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)

CVE-2026-2441: Google Chromium CSS Use-After-Free Vulnerability

infovulnerability🔥 Actively Exploited

security

Source: CISA Known Exploited VulnerabilitiesFebruary 16, 2026CVE-2026-2441

Summary

Google Chromium contains a use-after-free vulnerability (a bug where software tries to access memory that has already been freed, potentially causing crashes or allowing attackers to run malicious code) in its CSS (cascading style sheets, the code that controls how web pages look) that could let remote attackers corrupt heap memory (a region of computer memory used for dynamic storage) through a specially crafted HTML page. This vulnerability affects multiple browsers built on Chromium, including Chrome, Edge, and Opera, and is currently being actively exploited by attackers.

Solution / Mitigation

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Reference the Chrome releases blog at https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html for specific patching details.

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 0.1%

Exploit Maturity

🔥 Actively Exploited

Classification

Attack SophisticationModerate

Taxonomy References

CWE (Weakness Type)

CWE-416

CAPEC (Attack Pattern)

CAPEC-233

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-2441

First tracked: February 17, 2026 at 07:00 PM

Classified by LLM (prompt v3) · confidence: 95%