CVE-2026-2313 – This is a use-after-free vulnerability in Chrom... (How to Fix)

Q: What is the severity of CVE-2026-2313?

CVE-2026-2313 has a CVSS score of 8.8 (HIGH). This is a use-after-free vulnerability in Chrome's CSS engine that allows remote attackers to potentially exploit heap corruption. Attackers can trigger this by tricking users into visiting a malicious webpage, potentially leading to arbitrary code execution. All Chrome users on versions before 145.0.7632.45 are affected.

📋 TL;DR

This is a use-after-free vulnerability in Chrome's CSS engine that allows remote attackers to potentially exploit heap corruption. Attackers can trigger this by tricking users into visiting a malicious webpage, potentially leading to arbitrary code execution. All Chrome users on versions before 145.0.7632.45 are affected.

💻 Affected Systems

Products:

Google Chrome
Chromium-based browsers

Versions: All versions prior to 145.0.7632.45

Operating Systems: Windows, macOS, Linux, ChromeOS

Default Config Vulnerable: ⚠️ Yes

Notes: All standard Chrome installations are vulnerable. Extensions or security settings don't mitigate this vulnerability.

📦 What is this software?

Chrome by Google

Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...

Learn more about Chrome →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with the same privileges as the Chrome process, potentially leading to full system compromise if Chrome is running with elevated privileges.

🟠

Likely Case

Browser crash (denial of service) or limited code execution within Chrome's sandbox, potentially allowing data theft or further exploitation.

🟢

If Mitigated

Browser crash with no data compromise if sandboxing works correctly and no additional vulnerabilities are chained.

🌐 Internet-Facing: HIGH - Attackers can host malicious websites accessible from anywhere on the internet.

🏢 Internal Only: MEDIUM - Risk exists if users visit internal malicious sites, but external attack surface is eliminated.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires user interaction (visiting malicious page) but no authentication. Use-after-free vulnerabilities in Chrome's rendering engine have been successfully exploited in the past.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 145.0.7632.45 and later

Vendor Advisory: https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_10.html

Restart Required: Yes

Instructions:

1. Open Chrome. 2. Click the three-dot menu → Help → About Google Chrome. 3. Chrome will automatically check for and install updates. 4. Click 'Relaunch' to restart Chrome with the updated version.

🔧 Temporary Workarounds

Disable JavaScript

all

Prevents malicious JavaScript from triggering the vulnerability, but breaks most website functionality.

Use site isolation

all

Ensure site isolation is enabled (default in Chrome) to limit impact if exploited.

🧯 If You Can't Patch

Restrict web browsing to trusted sites only using browser policies or web filters
Implement application whitelisting to prevent execution of unknown processes

🔍 How to Verify

Check if Vulnerable:

Check Chrome version: if below 145.0.7632.45, system is vulnerable.

Check Version:

chrome://version/ (in Chrome address bar) or 'google-chrome --version' (command line)

Verify Fix Applied:

Confirm Chrome version is 145.0.7632.45 or higher after update.

📡 Detection & Monitoring

Log Indicators:

Chrome crash reports
Unexpected process termination events
Sandbox escape attempts in security logs

Network Indicators:

Connections to known malicious domains hosting exploit code
Unusual outbound traffic from Chrome processes

SIEM Query:

process_name:"chrome.exe" AND (event_id:1000 OR event_id:1001) OR process_name:"chrome" AND signal:SIGSEGV

📊 Metadata

CVE ID: CVE-2026-2313

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-416

EPSS Score: 0.04% exploit probability (10.9th percentile)

Published: February 11, 2026

Last Updated: February 13, 2026

🔗 References

https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_10.html Release Notes,Vendor Advisory
https://issues.chromium.org/issues/467297219 Permissions Required

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-2313, you might also want to check these: