CVE-2026-2441: When CSS Becomes a Sandbox Escape Vector

A critical zero-day in Chrome’s CSS parsing engine allows sandbox escapes. Here’s how it works, who’s vulnerable, and the CSP rules that block it.