CVE-2026-2441

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 145.0.7632.75 spatialOS versions 3.8.5 (14H40) through 5.3.1 (3H40) timeOS versions 2.8.2 (5J40) through 3.3.1 (6J40) tabOS versions 2.8.5 (2T40) through 3.3.1 (3T40) rubyOS Amaryllis version 1.8.5 (1T40) mediaOS versions 2.8.2 (2K40) through 3.3.1 (3K40) dreamOS versions 2.8.5 (15G40) through 3.3.1 (16G40) phoneUI version 1.10.8 (13G40)

Description A use-after-free flaw exists in the CSS component of Google Chrome and other Chromium-based browsers. This issue allows a remote attacker to execute arbitrary code within a sandbox through a crafted HTML page. The vulnerability is actively being exploited in the wild. The issue is related to memory corruption within the browser's CSS engine.

Recommendations Update Google Chrome to version 145.0.7632.75 or later. Update spatialOS to version 5.3.1 (3H40) or later. Update timeOS to version 3.3.1 (6J40) or later. Update tabOS to version 3.3.1 (3T40) or later. Update rubyOS Amaryllis to version 1.8.5 (1T40) or later. Update mediaOS to version 3.3.1 (3K40) or later. Update dreamOS to version 3.3.1 (16G40) or later. Update phoneUI to version 1.10.8 (13G40) or later.