Google Chrome Emergency Update – How to Update and Stay Protected

Google has released an emergency security update for Chrome addressing a critical zero-day vulnerability that was actively exploited in the wild. The patch, deployed across Windows, macOS, Linux, and Android platforms, targets CVE-2026-2441, a use-after-free flaw in Chrome’s CSS component that could allow attackers to execute arbitrary code by tricking users into visiting malicious webpages.

The emergency update comes amid confirmed reports of active exploitation, prompting security researchers to urge immediate action from all Chrome users. With the vulnerability affecting not only Google Chrome but also Chromium-based browsers including Microsoft Edge, Brave, and Opera, the potential attack surface spans millions of devices worldwide.

This article provides a comprehensive overview of the emergency update, including version details, step-by-step update instructions for all platforms, and essential troubleshooting guidance for users encountering update issues.

What is the Google Chrome emergency update?

The Google Chrome emergency update is a critical security patch released to address CVE-2026-2441, a high-severity use-after-free vulnerability discovered in Chrome’s CSS font feature values handling component. The flaw specifically stems from iterator invalidation within the CSSFontFeatureValuesMap implementation, which manages CSS font feature values in the browser’s rendering engine.

When exploited, the vulnerability causes Chrome to lose track of memory it has already released and attempt to reuse it. This memory corruption behavior allows attackers to inject and execute arbitrary code inside Chrome’s sandbox environment. The attack requires no additional user interaction beyond visiting a compromised webpage, making it particularly dangerous.

Security researcher Shaheen Fazim discovered and reported the vulnerability on February 11, 2026. Google confirmed that exploitation was already occurring in the wild before the patch was released, leading to the emergency classification of this update.

Chrome Emergency Update Overview

Version	Release Date	Platforms	Key Fix
146.0.7680.177/178	31 Mar 2026	Windows/Mac/Linux	High-severity CVE patches
145.0.7632.159/160	5 Mar 2026	Windows/Mac	10 Critical Vulnerabilities
CVE-2026-2441	19 Feb 2026	All	Zero-day Exploit Fixed

Key Insights

The vulnerability affects Google Chrome and all Chromium-based browsers including Microsoft Edge, Brave, and Opera
Attackers can execute arbitrary code by directing users to maliciously crafted webpages
The flaw carries a CVSS v3.1 score of 8.8 (High severity)
Google confirmed active exploitation in the wild before the patch was released
Successful exploitation can lead to malware delivery and credential theft through session hijacking
Auto-updates are recommended for all users and organizations
Users should verify version compliance across all endpoints after updating

Quick Facts

Attribute	Details
Latest Stable Version	146.0.7680.177/178
Release Date	31 March 2026
Affected Platforms	Windows, macOS, Linux, Android
Severity	CVSS 8.8 (High)
Update Method	Help > About Google Chrome / Play Store

What is the latest version of Google Chrome?

The latest stable version of Google Chrome is 146.0.7680.177 for Windows and macOS, with 146.0.7680.178 serving as an alternative build. The Extended Stable channel version is 146.0.7680.166. Linux users should update to version 146.0.7680.170.

For users who have not yet received the v146 update, version 145.0.7632.159 (Windows/Mac) or 144.0.7559.75 (Linux) includes the critical CVE-2026-2441 patch. The Extended Stable version 144.0.7559.177 also contains the necessary security fixes.

Rollout of security updates began on February 13, 2026, and has continued progressively across all platforms. Users should note that update availability may vary depending on their region and update channel settings.

How to Check Your Current Chrome Version

To verify which version of Chrome is currently installed, navigate to Help > About Google Chrome from the browser’s main menu. This displays the version number along with information about whether the browser is up to date.

Organizations managing multiple endpoints should verify that the patched version is actively running, not merely installed. The old version can remain resident in memory until the browser is restarted, meaning a simple installation without restart does not provide full protection.

Version Verification

For enterprise environments, Google provides version compliance tools through admin consoles. Security teams should cross-reference displayed version numbers against the official Chrome Releases blog to confirm all endpoints are running fully patched versions.

How do I update Google Chrome?

Updating Google Chrome is straightforward and can be completed in a few steps. The browser typically checks for updates automatically, but users can manually trigger the update process to ensure they have the latest version.

Desktop Update Process

For Windows and macOS users, open Chrome and click the three-dot menu icon in the top-right corner. Select Help > About Google Chrome from the dropdown menu. Chrome will automatically check for and download any available updates. Once the download completes, click Relaunch to restart the browser with the new version installed.

Linux users can update Chrome through their system package manager by running the appropriate update commands for their distribution. The Chrome team provides .deb packages for Debian and Ubuntu-based systems, as well as .rpm packages for Fedora and SUSE distributions.

The Google Chrome support page contains detailed instructions for different operating systems and network environments.

Important Update Notes

Users should ensure they restart Chrome completely after installing updates. Security researchers have emphasized that the old version can remain resident in memory until the browser is fully closed and reopened, meaning the update provides no protection until a restart occurs.

Enterprise users operating Chrome in managed environments may experience delayed updates due to policy configurations. IT administrators should review update policies and consider pushing emergency updates across their infrastructure immediately.

Restart Required

Simply installing the update is insufficient for full protection. Close all Chrome windows and applications, then relaunch the browser to ensure the patched version is running in memory.

How to update Google Chrome on Android?

Updating Chrome on Android devices is typically handled through the Google Play Store. The process differs slightly depending on your device’s configuration and Android version.

Standard Android Update Method

Open the Google Play Store app and tap the profile icon in the top-right corner. Select Manage apps and device, then tap Updates available. Find Chrome in the list of apps with pending updates and tap Update. For devices with auto-update enabled, Chrome updates automatically when connected to Wi-Fi.

Android devices running newer versions typically receive automatic Chrome updates without user intervention. The update is delivered through Google Play Services, which handles background updates for Google applications.

Devices with Auto-Update Disabled

Users who have disabled automatic updates should regularly check for Chrome updates manually through the Play Store. Failing to update leaves devices vulnerable to the CVE-2026-2441 exploit, which can trigger simply by visiting a compromised webpage in the browser.

For organizations managing Android deployments, mobile device management (MDM) solutions can be configured to enforce Chrome updates across fleets of devices, ensuring consistent security posture throughout the organization.

Security Risk

Devices running outdated Chrome versions remain vulnerable even in headless or non-interactive deployments. The CVE-2026-2441 vulnerability triggers automatically when rendering malicious content, regardless of whether the user actively interacts with the browser.

Why won’t Google Chrome update on Android?

Several factors can prevent Chrome from updating on Android devices. Understanding these issues helps users troubleshoot and resolve update failures effectively.

Common Causes of Update Failures

Insufficient storage space is the most frequent cause of update failures. Chrome requires adequate free space to download and install new files. Users should clear cached data by navigating to Settings > Storage > Cached Data and selecting the option to clear cached data, or remove unused applications to free up space.

Unstable or interrupted internet connections can also prevent successful updates. Chrome downloads update packages in a single session, and connection drops will cause the process to fail. Users should ensure a stable Wi-Fi connection before attempting updates.

Device Compatibility Issues

Google officially supports Chrome on Android 7.0 and later versions. Devices running older Android versions no longer receive Chrome security updates, which means they remain permanently vulnerable to known exploits including CVE-2026-2441. Users with incompatible devices should consider upgrading to a supported device or using an alternative browser that receives security updates.

Modified Android devices, including those with custom ROMs or root access, may encounter update conflicts depending on their configuration. These devices sometimes require manual APK installation from the official Chrome website, though this approach carries additional security considerations.

Google Play Services Issues

Chrome relies on Google Play Services for update delivery. If Play Services is disabled, corrupted, or running an outdated version, Chrome updates may fail silently or display error messages. Users experiencing persistent update issues should verify that Google Play Services is functioning correctly by checking for updates through the Play Store settings.

Timeline: Chrome Emergency Updates in 2026

The following timeline documents key Chrome security updates throughout 2026, highlighting the rapid response to emerging threats.

February 11, 2026: Security researcher Shaheen Fazim discovers and reports the CVE-2026-2441 use-after-free vulnerability in Chrome’s CSS component
February 13, 2026: Google begins rolling out emergency security patches (Chrome 145.0.7632.75/76 for Windows/macOS, 144.0.7559.75 for Linux)
February 19, 2026: Reports surface confirming exploitation of CVE-2026-2441 in the wild
March 5, 2026: Chrome 145.0.7632.159/160 released with additional security patches addressing 10 critical vulnerabilities
March 31, 2026: Chrome 146.0.7680.177/178 deployed as the latest stable release

Confirmed vs. Unconfirmed Information

Confirmed Information

CVE-2026-2441 is a use-after-free vulnerability in Chrome’s CSSFontFeatureValuesMap implementation
The vulnerability carries a CVSS v3.1 score of 8.8 (High severity)
Active exploitation was confirmed by Google before patch release
All Chromium-based browsers are affected by the vulnerability
The vulnerability can be triggered by simply visiting a malicious webpage
Shaheen Fazim discovered and reported the vulnerability on February 11, 2026
Chrome 145.0.7632.75/76 and later versions include the fix

Information Requiring Further Verification

Whether specific threat actor groups have been definitively attributed to exploitation campaigns
Complete list of websites that may have been compromised to deliver exploits
Whether all affected devices across all regions have successfully received updates
Long-term follow-on effects for systems that were potentially compromised before patching

Understanding the Context of Chrome Security Updates

The emergency update addressing CVE-2026-2441 represents a significant response to an actively exploited zero-day vulnerability. Such updates are reserved for security flaws that are either already being used in attacks or are at high risk of imminent exploitation, underscoring the severity of this particular vulnerability.

Chrome’s position as the world’s most widely used browser makes it a prime target for threat actors. The browser’s complexity, extensive code base, and frequent interaction with untrusted web content create a substantial attack surface. Security researchers continue to discover vulnerabilities in components that handle web content, including CSS rendering engines.

The February 2026 emergency update follows a pattern established by previous Chrome security patches, where Google has demonstrated rapid response capabilities when active exploitation is detected. The company’s security team maintains ongoing collaboration with external researchers through responsible disclosure programs, which help identify vulnerabilities before they can be widely exploited.

For users and organizations, this update serves as a reminder of the importance of maintaining current software versions. Given that the CVE-2026-2441 vulnerability can trigger simply through web page rendering, even users who exercise caution when browsing may be at risk if their browser is not updated.

Sources and Official References

Google’s Chrome security team confirmed that CVE-2026-2441 represents an actively exploited zero-day vulnerability requiring immediate user action. The vulnerability stems from iterator invalidation within the CSSFontFeatureValuesMap implementation, allowing memory corruption attacks against Chrome users.

— Official vulnerability disclosure and Chrome Releases documentation

Successful exploitation of this use-after-free vulnerability allows attackers to execute arbitrary code within Chrome’s sandbox environment. Users are strongly advised to update to the latest version immediately and restart their browsers to ensure protection.

— Security research analysis from multiple independent security firms

Summary and Recommended Actions

The Google Chrome emergency update addressing CVE-2026-2441 requires immediate attention from all users. The vulnerability, which affects Chrome and all Chromium-based browsers, has been confirmed as actively exploited in the wild. Users should update to the latest stable version (146.0.7680.177/178 or the latest available) and restart their browsers to ensure protection.

For those interested in understanding more about browser security and the techniques used by security researchers to identify vulnerabilities, exploring articles on topics like Do a Barrel Roll 20 Times – Why Google Spins Once and How to Do More provides insight into the broader landscape of web technology security considerations.

Frequently Asked Questions

Is there a Chrome emergency update for Android?

Yes, Google released the emergency update for Android through the Google Play Store. Android users should update Chrome immediately by opening the Play Store, accessing their profile, and selecting the Chrome update option.

How do I download the Chrome emergency update?

Chrome typically downloads updates automatically. To manually trigger an update, open Chrome, go to Help > About Google Chrome, and the browser will check for and download any available updates.

What CVE does the Chrome emergency update fix?

The emergency update addresses CVE-2026-2441, a high-severity use-after-free vulnerability in Chrome’s CSS component with a CVSS score of 8.8.

Why is this Chrome update considered an emergency?

The update is classified as emergency because Google confirmed active exploitation of CVE-2026-2441 in the wild before the patch was released, requiring users to update immediately.

How do I know if my Chrome is updated?

Open Chrome and go to Help > About Google Chrome to see your current version. Compare this against the latest stable release documented on the Chrome Releases blog to verify you have the patched version.

What happens if I don’t update Chrome?

Unpatched Chrome browsers remain vulnerable to CVE-2026-2441, which can be exploited simply by visiting a malicious webpage. Attackers could potentially execute arbitrary code, deliver malware, or steal credentials.

Which browsers are affected besides Chrome?

All Chromium-based browsers are affected, including Microsoft Edge, Brave, and Opera. Users of these browsers should check for and apply security updates from their respective developers.

Do I need to restart Chrome after updating?

Yes, restarting Chrome is essential. The old version can remain resident in memory until the browser is fully closed and reopened, meaning the update provides no protection until after a restart.