Threat actors now have the ability to exploit a new zero-day vulnerability in the Chrome browser, Google has advised IT administrators. The warning comes after Google released a patch for Chrome to plug a use after free memory vulnerability (CVE-2026-2441) in cascading style sheets (CSS), which means the browser’s CSS engine isn’t properly managing memory and can be exploited by a hacker. If not patched, it allows a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. The vulnerability is rated at High in severity. At risk are Windows and Mac Chrome browsers prior to 145.0.7632.75/76, and prior to 144.0.7559.75 for Linux. “Google is aware that an exploit for CV...