Google has begun rolling out a new Chrome Desktop Stable update, and it’s one most users should treat as a priority. The February 13 release notes confirm the company is aware of active exploitation “in the wild” tied to CVE-2026-2441, a high-severity security flaw affecting Chrome’s CSS component.
Because Chromium is the shared foundation behind multiple desktop browsers, this same vulnerability is also being addressed beyond Chrome. Recent stable updates for Opera and a new minor release for Vivaldi both include fixes for CVE-2026-2441, with Vivaldi specifically calling out that there’s a known exploit currently circulating.
What CVE-2026-2441 is, and why it matters
CVE-2026-2441 is classified as a use-after-free bug in how Chrome handles CSS. According to the U.S. government’s vulnerability tracking details, the issue could allow a remote attacker to run arbitrary code within the browser’s sandbox if a victim visits a specially crafted web page. In practical terms, that means simply opening the wrong page could be enough to put a user at risk—no downloads required.
Google credits security researcher Shaheen Fazim for reporting the vulnerability on February 11, 2026. As is typical for actively exploited security issues, technical details may remain limited until the majority of users have received the patch, reducing the chance that attackers can use public information to scale up attacks against unpatched systems.
Patched versions to look for (Chrome, Opera, and Vivaldi)
Google states that Chrome Desktop Stable is being updated to:
– 145.0.7632.75/76 on Windows and macOS
– 144.0.7559.75 on Linux
The update is rolling out gradually over the coming days and weeks, which means some users may see it immediately while others get it later—even if they check on the same day.
Opera’s Stable channel update dated February 14, 2026, includes CVE-2026-2441 in its security highlights for:
– Opera 127.0.5778.64
Vivaldi’s latest 7.8 minor update notes it moved to a newer Chromium base and includes the same security fix:
– Chromium 144 ESR (144.0.7559.175) within the updated Vivaldi 7.8 release
How to protect yourself if you haven’t been updated yet
The fastest way to confirm you’re protected is to check your browser’s built-in “About” or update page and verify the version number matches the patched releases listed above (or something newer). If your browser downloads an update, make sure you relaunch it—security fixes typically don’t fully apply until the browser restarts.
If the update isn’t available yet, keep checking periodically. Staged rollouts are common for major browsers, but with an actively exploited Chrome zero-day-style vulnerability like CVE-2026-2441, updating as soon as your system receives it is the safest move.
