PoC Released for Critical Chrome CVE-2026-2441 Zero-Day Exploited in the Wild

A public proof-of-concept exploit targets CVE-2026-2441, a critical use-after-free zero-day in Chrome’s Blink CSS engine. Google confirms active in-the-wild exploitation. Security researcher Shaheen Fazim reported it on February 11, 2026. Google patched two days later in emergency versions. The flaw lives in CSSFontFeatureValuesMap. An iterator holds a raw pointer to FontFeatureAliases HashMap. Mutations during iteration […] The post PoC Released for Critical Chrome CVE-2026-2441 Zero-Day Exploited in the Wild appeared first on VPN Central.