CVE-2026-2441 is a confirmed use-after-free in Chrome’s CSS engine enabling remote code execution via a crafted web page, under active exploitation as of mid-February 2026, affecting all desktop Chrome installations on Windows, macOS, and Linux. An emergency out-of-band Stable Channel update has been issued. CVSS score of 9.5 is vendor-reported and pending NVD confirmation; EPSS is 0.231 at the 96th percentile.