Google has patched the first Chrome browser vulnerability of 2026. A bug in Chrome can cause the browser to crash or trigger other unusual behavior.
The first vulnerabilities in Google Chrome for 2026 have arrived. Google has rolled out a new version of the desktop browser (Windows, Mac, Linux) featuring exactly one security patch. The first vulnerability discovered in Chrome this year proved serious enough to warrant an immediate patch.
Unusual behavior
The vulnerability, CVE-2026-2441, was discovered by independent security researcher Shazeen Fazim, an active bug hunter for Chrome. The bug is the result of an invalid iterator in CSSFontFeatureValuesMap that can trigger ‘unusual behavior.’ This ranges from display issues and data corruption to full crashes.
Because Google reports the vulnerability is being actively exploited, a patch could not wait until the next major Chrome release. Versions 145.0.7632.75/76 for Windows/Mac and 144.0.7559.75 for Linux provide an immediate fix for the bug and are available as stable releases. Update your browser via the Chrome update window if you haven’t set the browser to update automatically.
Google is not disclosing further information regarding traces of exploitation. “Access to bug details and links may be kept restricted until a majority of users are updated with a fix.”
First zero-day of 2026
This is the first known vulnerability in Chrome this year. In 2025, the count reached eight zero-days. The browser is currently being flooded by fake AI assistants attempting to steal your data via extensions.
read also
Google: Hackers abuse AI to accelerate existing attack techniques
Meanwhile, Google is preparing the next major Chrome update. Chrome 146 is expected on March 10.