Chromium Zero-Day & VS Code Extension Flaws: Urgent Security Bulletin

This newsletter is AI-generated and may sometimes hallucinate 😊

Job scam uses fake Google Forms site to harvest Google logins

  • Phishing campaign targets job seekers with highly convincing fake Google Forms.
  • Scammers use domain impersonation, like forms.google.ss-o[.]com, to trick users.
  • Submitting fake forms redirects to credential-harvesting pages, stealing Google account logins.

Source: Malwarebytes | Date: February 18, 2026

Chrome "preloading" could be leaking your data and causing problems in Browser Guard

  • Chrome's "preloading" feature makes background requests, introducing significant privacy risks.
  • This feature runs code and sets cookies without user interaction, potentially exposing users.
  • Preloading can cause unexpected blocking by security tools, including Browser Guard.

Source: Malwarebytes | Date: February 17, 2026

Update Chrome now: Zero-day bug allows code execution via malicious webpages

  • A critical zero-day vulnerability (CVE-2026-2441) allows remote code execution in Chrome.
  • Attackers exploit a use-after-free bug in CSS font feature handling via malicious HTML pages.
  • Google confirms active exploitation; update Chrome immediately to mitigate this severe security risk.

Source: Malwarebytes | Date: February 17, 2026

CISA Adds Actively Exploited Google Chromium CSS Zero-Day to KEV Catalog

  • CISA has added a Google Chromium CSS vulnerability (CVE-2026-XXXX), actively exploited in the wild, to its Known Exploited Vulnerabilities (KEV) Catalog.
  • This zero-day flaw allows attackers to achieve remote code execution (RCE) by tricking users into visiting a specially crafted malicious webpage in Chromium-based browsers.
  • Federal agencies are mandated to patch this critical vulnerability by March 10, 2026, underscoring the urgency for all users to update Chrome and other affected browsers immediately.

Source: Cybersecurity News | Date: February 18, 2026

Critical Flaws in VS Code Extensions Threaten 125M+ Installations

  • Four popular Visual Studio Code extensions with over 125 million collective installs, including "Rainbow Fart" and "Live Server," were found to contain critical vulnerabilities.
  • These flaws, such as directory traversal (CVE-2026-0001) and arbitrary file write, could enable attackers to achieve remote code execution and compromise development environments.
  • The vulnerabilities underscore the software supply chain risk that third-party extensions carry; affected users should update immediately.

Source: The Hacker News | Date: February 18, 2026
