Google has released an emergency zero-day patch for its Chrome browser to address a high-severity security issue. The vulnerability, identified as CVE-2026-2441, marks the first zero-day issue patched by the firm in 2026. The tech giant confirms that attackers have already used the flaw in real-world attacks. Users across Windows, macOS, and Linux are advised to install the latest patch immediately.
The latest Google Chrome update patches its first zero-day vulnerability of 2026
As per Google, the vulnerability emerges from a use-after-free error within Chrome’s CSSFontFeatureValuesMap component. The problem was caused by an iterator invalidation bug that can corrupt memory during font processing. When successfully exploited, it could trigger browser crashes, unstable rendering, data corruption, or other undefined behavior.
The vulnerability was reported by security researcher Shaheen Fazim. He alerted the tech giant through responsible disclosure channels. Google confirmed it became aware that an exploit exists in the wild and began investigating immediately to assess risk and protect users. The engineers released the patch in an emergency, showing the seriousness of the issue. Google says the update addresses the immediate problem. However, additional work remains under internal tracking, suggesting that there may be some components that still require attention.
Users are urged to install the patch as soon as possible
Google has further limited access to detailed bug reports until a majority of Chrome users install the security update. This has been done to reduce the risk of further active exploitation. The stable release is now rolling out to Windows, macOS, and Linux builds in stages. Updated builds include version 145.0.7632.76 for Windows, 145.0.7632.75 and 145.0.7632.76 for macOS, and 144.0.7559.75 for Linux.
Most users will receive the zero-day patch automatically after restarting their browser. However, manual checks are also recommended to ensure peace of mind. Google has also recommended that enterprises and organizations prioritize deployment to minimize exposure.
The post Update Now: Google Fixes the First Active Chrome Zero-Day of 2026 appeared first on Android Headlines.
​Â
