June 5, 2026


Urgent Security Advisory: Chrome Zero-Day and Critical Flaws in BeyondTrust, GitLab Face Active Exploitation


On Feb 18, the cybersecurity landscape shifted rapidly as Google, BeyondTrust, and CISA issued urgent warnings regarding high-severity vulnerabilities being actively exploited by threat actors.

Organizations and individual users are advised to update their systems immediately to prevent potential data exfiltration and remote code execution (RCE).


Google Chrome: First Major Zero-Day of 2026 (CVE-2026-2441)

Google has released an emergency update for the Chrome browser to address CVE-2026-2441, a high-severity “use-after-free” vulnerability in the CSS component.

  • The Threat: This flaw allows a remote attacker to execute arbitrary code within the browser’s sandbox simply by tricking a user into visiting a specially crafted HTML page.

  • Active Exploitation: Google confirmed that an exploit for this flaw “exists in the wild,” marking it as the first significant zero-day threat of the year.

  • Required Action: Users must update to Version 145.0.7632.75/76 (Windows/Mac) or 144.0.7559.75 (Linux). Other Chromium-based browsers (Edge, Brave, Opera) are expected to follow with patches shortly.


BeyondTrust: Critical RCE Under Global Attack (CVE-2026-1731)

BeyondTrust is currently managing a “wave of exploitation” targeting its Remote Support (RS) and Privileged Remote Access (PRA) solutions.

  • The Vulnerability: Tracked as CVE-2026-1731, this pre-authentication RCE flaw carries a near-perfect CVSS score of 9.9. It allows unauthenticated attackers to send crafted requests and execute OS commands with high privileges.

  • The Situation: A Proof-of-Concept (PoC) was made public on February 10, and security firms like GreyNoise and Darktrace reported a surge in scanning activity within 24 hours. CISA has added this to the Known Exploited Vulnerabilities (KEV) Catalog, mandating that federal agencies patch by tomorrow.

  • Required Action: Self-hosted customers must manually apply patch BT26-02-RS or BT26-02-PRA. SaaS customers were automatically patched on February 2.


GitLab: SSRF Vulnerability Re-enters the Spotlight (CVE-2021-22175)

In a surprise move, CISA today added a “historical” GitLab vulnerability, CVE-2021-22175, to its KEV list.

  • The Flaw: A Server-Side Request Forgery (SSRF) vulnerability that occurs when webhooks are enabled for the internal network.

  • The Warning: The inclusion in the KEV catalog today suggests that threat actors—potentially ransomware groups—are utilizing this older flaw to bypass internal network security in unpatched enterprise environments.

  • Required Action: Admins should ensure GitLab instances are updated to versions released after mid-2021 or disable internal network webhooks if updates are not feasible.


Security Note:

“Patching is no longer a monthly chore; it is a race against automation.”

With AI-driven tools now accelerating the discovery of vulnerabilities, the window between disclosure and exploitation has shrunk to hours.



Summary of Required Updates

Product          | Vulnerability   | Severity        | Patch/Version Required
Google Chrome    | CVE-2026-2441   | High (8.8)      | 145.0.7632.75 or newer
BeyondTrust RS   | CVE-2026-1731   | Critical (9.9)  | Patch BT26-02-RS / v25.3.2
BeyondTrust PRA  | CVE-2026-1731   | Critical (9.9)  | Patch BT26-02-PRA / v25.1.1
GitLab           | CVE-2021-22175  | Medium/High     | Latest Stable Release
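The table above gives a minimum fixed version per product, and the Chrome minimum differs by platform. The following is an added example (not from this advisory or from any vendor) of a patch-compliance check that compares an installed-software inventory against those minimums numerically rather than as strings; the hostnames and installed versions in the inventory are constructed sample data, while the required versions are taken from the advisory.

```python
"""Patch-compliance check against the advisory's minimum versions.

Added example (not from the original article). The inventory below is
constructed sample data; the minimum versions come from the advisory text.
"""

# Minimum fixed versions per product and platform, as stated in the advisory.
# "any" marks products whose fix does not depend on the client platform.
REQUIRED_VERSIONS = {
    ("Google Chrome", "windows"): "145.0.7632.75",
    ("Google Chrome", "mac"): "145.0.7632.75",
    ("Google Chrome", "linux"): "144.0.7559.75",
    ("BeyondTrust RS", "any"): "25.3.2",
    ("BeyondTrust PRA", "any"): "25.1.1",
}

def parse_version(version: str) -> tuple[int, ...]:
    """Split a dotted version into ints so comparison is numeric per component
    (as a string "145.0.7632.9" would wrongly sort above "145.0.7632.76")."""
    return tuple(int(part) for part in version.strip().split("."))

def is_patched(product: str, platform: str, installed: str) -> bool:
    """True when the installed version meets or exceeds the required minimum.
    Unknown product/platform combinations fail closed (reported as unpatched)
    so they surface for manual review instead of silently passing."""
    required = (REQUIRED_VERSIONS.get((product, platform.lower()))
                or REQUIRED_VERSIONS.get((product, "any")))
    if required is None:
        return False
    return parse_version(installed) >= parse_version(required)

def audit(inventory: list[dict]) -> list[dict]:
    """Return the inventory entries that still need patching."""
    return [entry for entry in inventory
            if not is_patched(entry["product"], entry["platform"], entry["version"])]

# Constructed inventory: hostnames and installed versions are made up.
SAMPLE_INVENTORY = [
    {"host": "ws-01", "product": "Google Chrome", "platform": "Windows", "version": "145.0.7632.76"},
    {"host": "ws-02", "product": "Google Chrome", "platform": "Windows", "version": "144.0.7559.132"},
    {"host": "dev-07", "product": "Google Chrome", "platform": "linux", "version": "144.0.7559.75"},
    {"host": "rs-appliance", "product": "BeyondTrust RS", "platform": "any", "version": "25.3.1"},
    {"host": "pra-appliance", "product": "BeyondTrust PRA", "platform": "any", "version": "25.1.1"},
]

if __name__ == "__main__":
    for entry in audit(SAMPLE_INVENTORY):
        print(f"UNPATCHED {entry['host']}: {entry['product']} {entry['version']}")
```

Running the block lists ws-02 (Chrome still on the 144 branch on Windows) and rs-appliance (one point release short of 25.3.2); the Linux host on 144.0.7559.75 passes because that is the stated Linux minimum.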
