securityaffairs.com 4/1/2026, 9:15:04 PM · via preferred

Google fixes fourth actively exploited Chrome zero-day of 2026

Google fixes fourth actively exploited Chrome zero-day of 2026
Developing story vulnerability 7 articles tracked
Chrome WebGPU zero-day (CVE-2026-5281) exploited in the wild
CyberSIXT Evidence Panel
CVE Intel
CISA KEV Not in KEV
Patch Patch Available

GOOGLE fixed a new Chrome zero-day, tracked as CVE-2026-5281, in the WebGPU Dawn component that is already exploited in the wild. The update also patches 21 vulnerabilities and urges users to update their browsers immediately to reduce the risk of attacks. A use-after-free bug is the fault type involved, which attackers can abuse to crash, run malicious code, or take control of a system; according to Google, CVE-2026-5281 is the fourth Chrome zero-day actively exploited in 2026.

Google is aware that an exploit for CVE-2026-5281 exists in the wild. The advisory notes updates to version 146.0.7680.177/178 for Windows/macOS and 146.0.7680.177 for Linux. CVE-2026-5281 affects Dawn, the WebGPU graphics component, and Google did not disclose technical details of the attacks or the attackers to give users time to apply the fix.

View Primary Source Via securityaffairs.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline