Zero-Day Google Chrome Vulnerability (CVE-2026-2441)

UpGuard Team
February 17, 2026

Key facts: Google data breach

  • Date reported: February 16, 2026.
  • Unauthorized access identified: February 13, 2026.
  • Target entity: Google (google.com) — specifically Google Chrome browser users.
  • Source of breach: Unknown threat actors exploiting a zero-day vulnerability (CVE-2026-2441).
  • Data types: Potential for arbitrary code execution, which may lead to the exposure of browser session data and credentials.
  • Status: Confirmed; Google released emergency patches for Chrome after discovering active exploitation in the wild.
  • Severity: High; this zero-day flaw allows remote code execution within the browser sandbox, impacting millions of users.

What happened in the Google data breach?

Google (google.com) reported a security incident involving a cyberattack on February 16, 2026. No specific threat actor has been identified as the perpetrator of the exploit at this time. The incident centers on a zero-day vulnerability in the Google Chrome browser that was discovered to be actively used in attacks prior to a patch being available.

On February 13, 2026, Google released emergency security updates for CVE-2026-2441, a use-after-free bug in the CSS component of the browser. This flaw allows remote attackers to execute code or cause browser crashes. The incident is classified with a severity level of info. Such vulnerabilities typically present risks of unauthorized system access or data corruption if users do not apply updates promptly.

Who is behind the incident?

The attacker or cause of the incident has not been identified.

Impact and risks for Google customers

For users of Google Chrome and other Chromium-based browsers, this incident introduces risks of arbitrary code execution and service disruption. If exploited, attackers could potentially gain unauthorized access to browser sandboxes or cause severe instability, leading to application crashes. There is a possibility that sensitive session data or credentials could be compromised if a user visits a malicious HTML page designed to trigger the flaw.

These types of vulnerabilities often lead to broader browser-based attacks; users should immediately update to the latest versions of Chrome, Edge, or Brave. Ensuring that automatic updates are enabled and monitoring for unusual account activity are concrete protective steps. Proactive transparency regarding such flaws helps users mitigate risks before broader exploitation occurs.

How secure is Google?

Google operates a search engine and provides internet-related services including online advertising technologies, cloud computing, software applications, and hardware products. The company generates revenue primarily through advertising sales on its search platform and other digital properties.