CVE-2026-2441 – Google Chrome Security Update – Multiple Vulnerabilities Patched
“This Chrome update closes dangerous gaps attackers could use to crash browsers, steal data, or run harmful code.”
Google has released security updates for Chrome that address multiple high- and medium-severity vulnerabilities. These issues affect core components such as the V8 JavaScript engine, media libraries, and UI features, and could allow code execution, crashes, data leaks, or spoofed interfaces.
High-Severity Vulnerabilities
- CVE-2026-1861 (CVSS 8.1 – High) – A heap buffer overflow in the libvpx video codec component. This memory corruption issue could allow remote code execution if triggered by specially crafted content.
- CVE-2026-1862 (CVSS 8.2 – High) – A type confusion flaw in the V8 JavaScript engine. This could lead to heap corruption and arbitrary code execution.
- CVE-2026-2441 (CVSS 8.8 – High) – A use-after-free vulnerability in Chrome’s CSS component. This issue has been observed in real-world attacks and could allow attackers to execute code through malicious HTML.
These high-severity issues could let an attacker take control of the browser process merely by getting a user to visit a crafted webpage.
Medium-Severity Vulnerabilities
- CVE-2026-2317 (CVSS 6.5 – Medium) – Cross-origin data leak issue related to animations.
- CVE-2026-2318 (CVSS 5.6 – Medium) – UI spoofing issue in Picture-in-Picture mode that could mislead users.
- CVE-2026-2320 (CVSS 5.4 – Medium) – Logic issue in file handling that could result in unintended behavior.
- CVE-2026-2323 (CVSS 5.3 – Medium) – Browser logic flaw affecting download handling.
- CVE-2026-0102 (CVSS 5.0 – Medium) – Security issue included in the broader update.
These medium-severity issues could expose data or allow user interface confusion, but they are less likely than the high-severity flaws to result in full system compromise.
Key Details
- Affected Product: Google Chrome
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- CWE Classification: CWE-416