Company confirms previously unknown vulnerability already being explooited by hackers
PUBLISHED : 21 Feb 2026 at 13:03
NEWSPAPER SECTION: Life
WRITER: Puriward Sinthopnumchai
Google has released an emergency security update for its Chrome browser to address a critical zero-day vulnerability that is already being exploited by hackers.
A zero-day flaw is so named because it is a previously unknown security vulnerability that is actively exploited by hackers before the vendor becomes aware of it or has time to create a fix.
Google confirmed the patch following reports that the flaw, tracked as CVE-2026-2441, has been actively targeted. The vulnerability has been assigned a high-severity risk score of 8.8 out of 10, reflecting the potential danger to users worldwide.
According to a Friday notice on the official Chrome Releases blog, the update was fast-tracked on Feb 13. Users are being urged to update their browsers immediately to mitigate the risk of a remote breach.
The flaw is described as a “Use-After-Free” vulnerability within the Google Chrome rendering engine. This specific type of memory corruption allows an attacker to execute arbitrary code within the browser’s sandbox environment.
To successfully execute an attack, a hacker must trick a victim into visiting a specifically crafted malicious website or interacting with compromised HTML content. Once the page is opened, the exploit triggers the memory flaw to gain control over the process.
Google has opted to keep the finer technical details of the exploit under wraps for the time being. The company said that restricting access to the “exploit primitives” prevents further hackers from adopting the method before the majority of users have applied the fix.
Information regarding specific targets or the identity of the threat actors involved has not yet been disclosed to the public.
Photo: screenshot
Users can update Chrome by clicking the three-dot menu in the top-right corner, selecting “Help” and then “About Google Chrome”. The browser will automatically download the latest update, after which users should restart their browser. The update can also be accessed directly at chrome://settings/help.
Photo: screenshot
For users on the Stable Desktop channel, the secure versions are identified by the following build numbers:
The emergency fix serves as a reminder of the persistent threats facing web infrastructure. Security experts suggest that “zero-day” exploits — vulnerabilities unknown to the developer until an attack occurs — are increasingly being used by sophisticated cyber-criminal groups.
While Chrome users receive the update directly from Google, those using other Chromium-based browsers may still be at risk. Users of Microsoft Edge, Brave, Opera and Vivaldi are advised to monitor their respective developers for incoming patches.
Google stressed that updating immediately is the best way to reduce exposure to potential cyberattacks.
Source: chromereleases
Subscribe to our newsletters for daily updates, breaking news and exclusive content.
By subscribing, you accept the terms and conditions in our privacy policy.
To enjoy the full Bangkok Post experience,
please disable your ad blocker.
AI Search


