Browser Security

Chrome Patches Critical Zero-Day (CVE-2026-2441) Under Active Exploit

Nishant Sharma

16 Feb 2026 — 1 min read

This newsletter is AI generated and may hallucinate sometimes 😊

Fake AI Chrome extensions with 300K users steal credentials, emails

30 malicious Chrome extensions, posing as AI assistants, tricked over 300,000 users.
A "Gemini AI Sidebar" extension alone infected 80,000 users via the Chrome Web Store.
Extensions steal website credentials, Gmail content, and browsing information using remote JavaScript.

Source: BleepingComputer | Date: February 12, 2026

Chrome Patches Critical Zero-Day (CVE-2026-2441) Exploited in the Wild

Google has released an urgent security update for its Chrome browser, patching a critical zero-day vulnerability identified as CVE-2026-2441.
The vulnerability is described as a type confusion flaw within the V8 JavaScript engine, which could enable remote code execution if successfully exploited.
Google confirmed active exploitation of CVE-2026-2441 in the wild and urged users to update to Chrome version 121.0.6167.139/.140 for Windows/Mac or 121.0.6167.139 for Linux immediately.

Source: SecurityOnline.info | Date: February 15, 2026

References

Critical Alert: Chrome Zero-Day (CVE-2026-2441) Exploited in the Wild - SecurityOnline.info
CVE-2026-2441 - NVD/MITRE

Read more

Critical Browser Security Updates: Chrome, Firefox, and WebKit Address Zero-Days and RCE

This newsletter is AI generated and may hallucinate sometimes 😊 Brave launches most powerful search API for AI to date * Brave launched a new Search API featuring Zero Data Retention (ZDR) and SOC 2 Type II compliance. * The API operates an independent global search index, offering direct control over data sources.

Browser Security Roundup: Edge, Chrome Extensions, AI Phishing & React RCE

This newsletter is AI generated and may hallucinate sometimes 😊 zkLogin: when ZKP is not enough * Critical vulnerabilities discovered in zkLogin blockchain authorization, despite using zero-knowledge proofs. * Identified flaws include JWT parsing ambiguities, weak token binding, centralization risks, and impersonation attacks. * Zero-knowledge proofs alone do not guarantee secure authentication, due to

Browser Security: Apple Zero-Days, Chrome 145, AI Attack Trends & Interop 2026

This newsletter is AI generated and may hallucinate sometimes 😊 Adblock Filters Exposes Reveal User Location Despite VPN Protection * New fingerprinting bypasses VPNs, exposing user location via AdBlock filter lists. * Malicious websites exploit country-specific AdBlock filter lists to pinpoint user location. * Browser configurations leveraged by malicious sites bypass VPNs by probing

February 2026 Browser Security: Microsoft Edge Updates & Critical 0-Day Patches

This newsletter is AI generated and may hallucinate sometimes 😊 EDR, Email, and SASE Miss This Entire Class of Browser Attacks * EDR, email security, and SASE tools fail to detect sophisticated browser-level attacks. * Attack vectors include ClickFix social engineering, malicious extensions, Man-in-the-Browser, and HTML smuggling. * Organizations need critical browser-level security observability