On February 18, 2026, Google released a new stability channel update for Chrome on desktop, bringing the Chrome version to 145.0.7632.109/110 on Windows and Mac, and 144.0.7559.109 on Linux, with a gradual rollout expected to continue over the coming days and weeks.
The February 18 desktop release fixed three additional vulnerabilities, independent of CVE-2026-2441:
- CVE-2026-2648 (High): Memory buffer overflow in PDFium
- CVE-2026-2649 (High): Integer overflow in V8
- CVE-2026-2650 (Medium): Memory buffer overflow in Media
Google also updated the Extended Stability Channel for Windows and Mac to version 144.0.7559.220 on the same date, with a similar gradual rollout.
On the mobile side, Google has also released Chrome 145 updates for both Android and iOS:
- Android: Chrome 145 (145.0.7632.109) via Google Play Store
- iOS: Chrome Stable 145 (145.0.7632.108) via App Store
Google indicated that Android updates contain the same security fixes found in desktop versions, unless otherwise noted.
CISA has listed CVE-2026-2441 in the Known Exploited Vulnerabilities catalog with an update deadline of March 10, 2026, with mitigations required as instructed by the vendor or discontinuing use if mitigations are not available.
CISA also officially announced the addition in a bulk update, and the NVD registry has been updated to include a reference to publicly published PoC code.
