New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released

Published:

1 april 2026 om 11:42:00

Alert date:

1 april 2026 om 14:01:53

Source:

thehackernews.com

Web Technologies, Zero-Day Vulnerabilities

Google released security updates for Chrome browser addressing 21 vulnerabilities including a high-severity zero-day flaw CVE-2026-5281 that is being actively exploited in the wild. The vulnerability is a use-after-free bug in Dawn, which is an open-source implementation of the WebGPU standard. The flaw affects Google Chrome prior to the latest version and has been assigned high severity rating.

Technical details

CVE-2026-5281 is a high-severity use-after-free vulnerability in Dawn, an open-source and cross-platform implementation of the WebGPU standard. The flaw allows a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page in Google Chrome prior to version 146.0.7680.178.

Mitigation steps:

Update Chrome browser to versions 146.0.7680.177/178 for Windows and Apple macOS, and 146.0.7680.177 for Linux. Navigate to More > Help > About Google Chrome and select Relaunch. Users of other Chromium-based browsers should apply fixes as they become available.

Affected products:

Google Chrome prior to 146.0.7680.178
Chromium-based browsers (Microsoft Edge
Brave
Opera
Vivaldi)