Get a 14-day FREE trail of flare at https://go.lowlevel.tv/flare2026 . See if you or your company's data is floating around the dark web.

🏫 MY COURSES
Sign-up for my FREE 3-Day C Course: https://lowlevel.academy

🧙‍♂️ HACK YOUR CAREER
Wanna learn to hack? Join my new CTF platform: https://stacksmash.io

🔥COME HANG OUT   
Check out my other stuff: https://lowlevel.tv

Low Level Learning

Chrome's first zero-day of the year (CVE-2026-2441, CVSS 8.8) is under active exploitation. The vulnerability is a use-after-free bug in Chrome's CSS font feature value map parsing, written in C++. When JavaScript iterates over CSS font feature rules and deletes entries simultaneously, a dangling pointer can be exploited to achieve arbitrary code execution inside the browser sandbox. The patch replaces a reference-based iteration with a copy (move semantics) to prevent modification of the underlying map during traversal. The video explains use-after-free mechanics with a cat/dog struct analogy, demonstrates the concept in GDB, and discusses why Rust's ownership model would prevent this class of bug — noting Firefox's CSS renderer is already written in Rust. The immediate mitigation is simply updating Chrome to the latest version.

they hacked CSS