Google released a stable channel update for desktop computers on February 18, 2026, bringing Chrome to version 145.0.7632.109/110 (Windows/macOS) and 144.0.7559.109 (Linux). The rollout of the update is expected to occur over the coming days and weeks.
Update Addresses Additional Security Vulnerabilities
In addition to addressing CVE-2026-2441, Google’s update notes for desktop computers released on February 18 detail three additional security fixes:
- CVE-2026-2648 (High): Buffer overflow in PDFium
- CVE-2026-2649 (High): Integer overflow in V8
- CVE-2026-2650 (Medium): Buffer overflow in Media
Extended Stable Channel Also Updated
The Extended Stable channel also received an update on February 18, 2026, moving to version 144.0.7559.220 for both Windows and Mac, with a phased rollout planned over the following days and weeks. This channel provides a more deliberate update cadence for users prioritizing stability.
Chrome 145 Now Available on Mobile
Alongside the desktop updates, Google has released stable updates for mobile devices. These include:
- Android: Chrome 145 (145.0.7632.109), available through Google Play.
- iOS: Chrome Stable 145 (145.0.7632.108), deployed via the App Store.
Google notes that the Android versions include the same security fixes as their corresponding desktop releases, unless otherwise specified. This consistency in security patching across platforms is a key element of Google’s security strategy.
CISA Adds CVE-2026-2441 to Known Exploited Vulnerabilities Catalog
The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-2441 to its Known Exploited Vulnerabilities (KEV) catalog . The National Vulnerability Database (NVD) page reflects the KEV metadata, including:
- Date Added: February 17, 2026
- Expiration Date: March 10, 2026
- Required Action: Apply mitigations as per vendor instructions, or cease apply if mitigations are unavailable.
CISA publicly announced the addition of CVE-2026-2441 to the catalog as part of a batch update. The NVD entry was further updated, including a reference to a publicly available Proof of Concept (PoC). The NVD entry’s change history shows additional updates following the initial disclosure, including a CISA-ADP modification on February 20, 2026, which added a reference to the published PoC link.
