Google patches the first Chrome Zero Day of 2026. This critical CSS exploit allows sandbox escapes via malicious HTML. Update your browser and audit your extensions now to stay safe.

#chrome #google #zeroday

David Bombal

Google issued an emergency patch for Chrome's first zero-day of 2026, tracked with a CVSS score of 8.8. The flaw is a use-after-free bug in Chrome's CSS handling that allows remote attackers to execute arbitrary code inside the browser sandbox via a malicious HTML page. Exploits were already active in the wild just two days after the vulnerability was reported on February 11th. Additionally, 287 Chrome extensions with tens of millions of installs were found quietly harvesting users' browsing histories, reinforcing warnings about the risks of installing unvetted browser extensions.

Sandbox ESCAPE in Chrome