CVE-2026-2441 is a confirmed in-the-wild zero-day use-after-free in Chrome’s CSS font handling subsystem with a CVSS of 9.5 and EPSS at the 96th percentile. Exploitation requires only that a user navigate to a malicious webpage, placing every unpatched Chrome endpoint at risk of arbitrary code execution and sandbox escape. Google has released emergency patches; deployment should be treated as a same-day action.