Google patches first Chrome zero-day exploited in attacks this year

Google just dropped an emergency patch for the first Chrome zero-day vulnerability of the year, CVE-2026-2441, which is already being exploited in the wild—think of it as a sneaky bug in Chrome’s CSS font handling that could crash browsers, corrupt data, or worse. This use-after-free issue, stemming from an iterator invalidation glitch in the CSSFontFeatureValuesMap, was reported by a sharp-eyed researcher, and while the fix addresses the core problem, Google’s hinting there might be more tweaks coming soon. If you’re running SMB operations or managing MSP setups, don’t snooze on this—update your Chrome installs on Windows, macOS (to version 145.0.7632.75/76), or Linux (144.0.7559.75) ASAP to keep attackers from turning your browsers into easy targets. Remember, letting Chrome auto-update is the lazy (but smart) way to stay protected, especially since last year saw eight such zero-days patched, many tied to serious spyware threats. As always, for tech-curious pros like you, staying ahead means treating these patches like mandatory coffee breaks—quick, essential, and way better than dealing with the hangover of a breach.

Source: https://www.bleepingcomputer.com/news/security/google-patches-first-chrome-zero-day-exploited-in-attacks-this-year/