CVE-2026-2441
CISA KEVPublished February 17, 2026 · Updated April 3, 2026
What This Means
# CVE-2026-2441: Chromium CSS Use-After-Free **What it is:** A use-after-free vulnerability in Chromium's CSS rendering engine allows remote code execution when a user visits a malicious HTML page, potentially corrupting heap memory and enabling arbitrary code execution in the browser process. **What it affects:** Google Chrome, Microsoft Edge, Opera, and any Chromium-based browser on affected versions. **What to do:** Patch immediately to the latest Chromium version (check vendor release notes for specific patch versions). Monitor for in-the-wild exploitation. Block or warn users visiting untrusted websites until patches are deployed.
Official Description+
Google Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Affected Products
| Vendor | Product |
|---|---|
| Chromium |
Patch Status
Recommended Actions
- Check if your systems use any of the affected products listed above.
- Apply vendor patches immediately if available.
- This vulnerability is in CISA's Known Exploited Vulnerabilities catalog — prioritize remediation.
- Monitor vendor advisories for updates and additional mitigations.
- Review logs for indicators of compromise related to CVE-2026-2441.