Google Chrome V8 Zero-Day Under Active Exploitation (CVE-2026-2441)
February 20th, 2026
High
Our Cyber Threat Intelligence Unit is monitoring a high-severity flaw in Google Chrome that has been actively exploited in the wild, prompting an urgent stable channel update from Google. Tracked as CVE-2026-2441, the vulnerability allows attackers to achieve remote code execution by enticing users to visit specially crafted web pages. Exploitation requires only user interaction with a malicious or compromised site; no malicious attachment or download is needed. Because the flaw is being exploited in the wild and can run arbitrary code on affected systems, organizations are urged to update Chrome immediately to the fixed release.
Technical Details
Severity: High
CVE: CVE-2026-2441
CVSS Score: 8.8 (High)
Vulnerability Type: Use-After-Free / Memory Corruption leading to Remote Code Execution
Affected Component: Google Chrome V8 JavaScript Engine (Desktop versions on Windows, macOS, Linux)
Attack Vector: Requires user interaction and is typically delivered via:
Visiting a malicious or compromised website
Clicking phishing or malicious links
Malvertising redirects
Exploitation Mechanics
A specially crafted webpage triggers a memory corruption flaw in Chrome’s V8 engine.
The use-after-free condition allows attackers to manipulate memory and execute arbitrary code within the Chrome process.
The payload runs with the same privileges as the logged-in user.
Root Cause: Improper memory management in the V8 JavaScript engine allows freed memory to be reused without proper validation, leading to execution control.
Post-Compromise Impact
Attackers can execute arbitrary code, steal browser data, or deploy additional malware.
If executed with elevated privileges, full system compromise is possible.
The vulnerability is confirmed to be actively exploited in the wild, increasing enterprise risk.

Impact
Visiting a malicious web page can lead to arbitrary code execution within the Chrome process.
Attackers can run code at the same privilege level as the user, potentially leading to data theft or system compromise.
Enterprise and managed devices with unpatched Chrome installations remain at high risk.
Malware or additional payloads can be deployed automatically as part of post-exploit actions.
System stability, integrity, and confidentiality are jeopardized when code runs outside intended scripting contexts.
Detection Method
Inventory Chrome browser versions across endpoints to identify unpatched instances older than version 145.0.7632.75 on Windows/macOS and 144.0.7559.75 on Linux.
Monitor browser crash logs for evidence of exploitation patterns typical of V8 engine corruption.
Inspect web proxy and firewall logs for traffic to known malicious URLs being used to trigger the vulnerability.
Detect anomalous child processes spawned by Chrome that do not align with user activity.
Use browser telemetry and endpoint detection tools to correlate unexplained code execution events following web navigation.
Enable threat hunting queries looking for unusual JavaScript V8 exploitation indicators.
Indicators of Compromise
No indicators of compromise have been observed.

Recommendations
Patch Now: Update Google Chrome to version 145.0.7632.75/.76 on Windows/macOS platforms and 144.0.7559.75 on Linux platforms.
Auto-Update: Enforce auto-updates for Chrome in enterprise environments.
Block Risky Sites: Apply web filtering to block untrusted domains or redirects.
Enforce Policies: Restrict access to high-risk URLs in enterprise browsing policies.
User Awareness: Educate users to avoid unsafe links and unsolicited content.
EDR/Monitoring: Enable detection rules for unexpected code execution stemming from browser processes.
Post-Update Verification: Confirm updates applied successfully and re-scan endpoints for outdated clients.
Conclusion
CVE-2026-2441 is a critical memory corruption vulnerability in Google Chrome’s V8 JavaScript engine that has been actively exploited in the wild to achieve remote code execution on affected systems. Because exploitation requires only visiting a malicious webpage, the risk to unpatched systems is significant. The urgent update provided by Google should be applied immediately across all managed and unmanaged devices to mitigate active and future exploitation. Continuous monitoring and application of web filtering and endpoint controls will further reduce exposure.