CVE-2026-2441
published 2026-02-13


Priority P190 | high | 8.8 CVSS 3.1
AV:N / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
KEV | ITW | EXPLOIT
CISA Known Exploited Vulnerability, due 2026-03-10
Exploited in the wild
EPSS: 22.02% (97.4th percentile)
Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Affected

10 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chromium | chromium | >= 0 < 145.0.7632.75-1~deb12u1 | 145.0.7632.75-1~deb12u1 |
| chromium | chromium | >= 0 < 145.0.7632.75-1~deb13u1 | 145.0.7632.75-1~deb13u1 |
| chromium | chromium | >= 0 < 145.0.7632.75-1 | 145.0.7632.75-1 |
| debian | chromium | < chromium 145.0.7632.75-1~deb12u1 (bookworm) | chromium 145.0.7632.75-1~deb12u1 (bookworm) |
| google | chrome | < 145.0.7632.75 | 145.0.7632.75 |
| google | chrome | < 145.0.7632.76 | 145.0.7632.76 |
| google | chrome | >= 145.0.7632.75 < 145.0.7632.75 | 145.0.7632.75 |
| google | chrome_chrome | | |
| msrc | microsoft_edge | | |
| paloalto | prisma_browser | | |

Detection & IOCs (extracted from sources)

  • The vulnerability affects Google Chrome prior to 145.0.7632.75 (Windows/macOS) and 144.0.7559.75 (Linux); Chromium-based browsers (Edge, Brave, Opera, Vivaldi) and downstream packages (chromium-qt6-ui, qt6-qtwebengine) are also affected and require separate patching.

CVSS provenance

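| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| osv | | 8.8 | HIGH | |
| vulncheck | | 8.8 | HIGH | |
| cisa | | 8.8 | HIGH | |
| vendor_debian | | 8.8 | HIGH | |
| vendor_msrc | | 8.8 | HIGH | |
| vendor_redhat | | 8.8 | HIGH | |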