logoalt Hacker News

notpushkintoday at 4:00 AM3 repliesview on HN

Whoa!

Completely unrelated but somehow unsurprising:

Zero-day CSS: CVE-2026-2441 exists in the wild - https://news.ycombinator.com/item?id=47062748 - February 2026 (233 comments)

Replies

rebane2001today at 4:04 AM

I do actually have a CSS CVE[0] in Chrome, but it was in the changelog as "in Animation" instead of "in CSS", so no fun stories/headlines for me :c

[0] https://chromereleases.googleblog.com/2025/06/stable-channel...

magicalisttoday at 1:34 PM

That was in the C++ implementation of the CSS interface that gets exposed to JS, though, there wasn't an exploit from CSS.

carratoday at 7:00 AM

I don't think it's that unrelated. If you make a system way more complex than it should be (clearly the case with CSS) it's obvious the risk of vulnerabilities increases exponentially.