Exploitation Summary
CVE-2026-2441 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added February 17, 2026. EIP tracks 17 public exploits from researchers including nu11secur1ty, Unclecheng-li, and huseyinstif.
AI-analyzed exploit summary
The provided code is a functional proof-of-concept exploit for CVE-2026-2441, a use-after-free vulnerability in Google Chrome's CSS engine (Blink) within the CSSFontFeatureValuesMap implementation. It demonstrates the vulnerability by creating an iterator over a CSSFontFeatureValuesMap object and mutating the underlying HashMap during iteration, leading to a use-after-free condition.
Description
Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Exploits (17)
The provided code is a functional proof-of-concept exploit for CVE-2026-2441, a use-after-free vulnerability in Google Chrome's CSS engine (Blink) within the CSSFontFeatureValuesMap implementation. It demonstrates the vulnerability by creating an iterator over a CSSFontFeatureValuesMap object and mutating the underlying HashMap during iteration, leading to a use-after-free condition.
This repository contains a functional exploit PoC for CVE-2026-2441, a Use-After-Free (UAF) vulnerability in Chrome's CSSFontFeatureValuesMap iterator. The exploit demonstrates the vulnerability by triggering a UAF through iterator invalidation during HashMap rehashing.
This repository provides a detailed technical analysis of CVE-2026-2441, a use-after-free vulnerability in Chrome's Blink CSS engine, including root cause, patch details, and proof-of-concept methods.
The repository claims to provide a PoC for a Chrome CSS Use-After-Free vulnerability but lacks actual exploit code, instead directing users to an external download link. The description includes technical details but is likely a lure to trick researchers into downloading potentially malicious content.
The repository claims to be a PoC for a Chrome CSS Use-After-Free vulnerability but lacks actual exploit code, instead redirecting users to an external download link. The description includes technical details but no verifiable code or analysis.
This repository contains a functional exploit PoC for CVE-2026-2441, a Use-After-Free (UAF) vulnerability in Chrome's CSSFontFeatureValuesMap iterator. The exploit demonstrates the vulnerability by triggering a UAF through iterator invalidation during HashMap rehashing.
This repository contains a functional exploit PoC for CVE-2026-2441, a Use-After-Free (UAF) vulnerability in Chrome's CSSFontFeatureValuesMap iterator. The exploit demonstrates the vulnerability by triggering a UAF through iterator invalidation during HashMap rehashing.
This repository contains a functional exploit PoC for CVE-2026-2441, a Use-After-Free (UAF) vulnerability in Chrome's CSSFontFeatureValuesMap iterator. The exploit demonstrates the vulnerability by triggering a UAF through iterator invalidation during HashMap rehashing.
This repository contains a functional proof-of-concept exploit for CVE-2026-2441, a use-after-free vulnerability in Chrome's Blink CSS engine. The PoC demonstrates the UAF by triggering iterator invalidation in CSSFontFeatureValuesMap through multiple methods, including direct iteration, for...of loops, and requestAnimationFrame-based triggers.
This repository contains a functional proof-of-concept exploit for CVE-2026-2441, a use-after-free vulnerability in Google Chrome's Blink CSS engine. The exploit demonstrates arbitrary code execution within the renderer sandbox via crafted HTML, with detailed technical analysis and multiple trigger methods.
The repository lacks actual exploit code and instead directs users to download an external executable from GitHub releases, which is a common tactic for distributing malware or fake exploits.
This repository provides a detailed technical analysis of CVE-2026-2441, a use-after-free vulnerability in Chrome's Blink CSS engine. It includes root cause analysis, patch details, and a description of the PoC methods but does not contain actual exploit code.
The repository claims to provide an exploit for CVE-2026-2441 (a use-after-free in Chrome's CSS engine) but contains no actual exploit code. Instead, it directs users to an external download link (tinyurl.com), which is a common tactic for distributing malware or fake exploits.
The repository contains only a minimal README with no exploit code, technical details, or functional proof-of-concept. It is a placeholder with no substantive content.
The repository claims to provide an exploit for CVE-2026-2441, a use-after-free vulnerability in Google Chrome's CSS handling, but only includes a README with vague details and a link to an external download. No actual exploit code is present.
The repository describes a Chrome CSS Use-After-Free vulnerability (CVE-2026-2441) in Blink's CSSFontFeatureValuesMap, leading to renderer RCE via iterator invalidation and memory corruption. The PoC involves CSSOM grooming, UAF exploitation, and a chain to achieve arbitrary read/write and shellcode execution.
The repository claims to exploit CVE-2026-2441 (a use-after-free in Chrome's CSS) but provides no actual exploit code, instead redirecting users to an external download link (tinyurl.com). The README lacks technical details and reads like a sales pitch.
References (4)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H