CVE-2026-2441

HIGH

KEV

KISA

Exploit

설명

Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Score Summary

CVSS Score: 8.8
Version: 3.1
Risk Score: 8.90
Attack Vector: Network
Low Complexity
No Privileges
User Interaction Required
Scope Unchanged
High Confidentiality Impact
High Integrity Impact
High Availability Impact

Details

Published: 02/13/2026(4 months ago)
Modified: 02/23/2026(4 months ago)
Source: KEV, NVD, KISA
Products: 4

CISA KEV Listing

Vendor / Project: Google
Product: Chromium

Date Added: 02/17/2026
Due Date: 03/10/2026Overdue 92d

Required Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Listed in KISA bulletin

This CVE is referenced in a KISA security bulletin (Korean only).

Bulletin ID: 71997
Published: 2026-03-10

boho.or.kr

Vulnerability Lifecycle

NVDPublished02/13/2026
CISA KEVKEV Listed02/17/2026
KISA

CWE Weakness Classification

CWE-416
NVD
Primary

References (5)

NVD
https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html
NVD
Issue Tracking
https://issues.chromium.org/issues/483569511
NVD
Exploit

Affected Products (4)

Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

StatusAnalyzed

KISA Listed

02/19/2026

NVDLast Modified02/23/2026

CISA KEVDue Date03/10/2026

https://github.com/huseyinstif/CVE-2026-2441-PoC/blob/main/poc.html

NVD

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-2441

exploitdb

Exploit

https://www.exploit-db.com/exploits/52542