CYBERSIXT Signal Over Noise
securityaffairs.com 4/1/2026, 9:15:04 PM · via preferred

Google fixes fourth actively exploited Chrome zero-day of 2026

Google fixes fourth actively exploited Chrome zero-day of 2026
Incident Open incident page

CVE-2026-5281: Chrome WebGPU Zero-Day Exploited In The Wild

Google patched CVE-2026-5281, a high-severity use-after-free vulnerability in Dawn, Chromium’s WebGPU implementation, and it has confirmed exploitation in the wild. The NVD wording outlines that a remote attacker who had already compromised the renderer process could execute arbitrary code via a crafted HTML page. Chrome fixed the flaw in stable desktop…

First seen 2026-04-01T13:50:49.621Z · Last seen 2026-04-02T15:05:44.153Z

CVE-2026-5284 CVE-2026-5281
CyberSIXT Evidence Panel
Primary Source chromereleases.googleblog.com
CVE Intel
CVE-2026-5281 - NVD Not in KEV 8.8 HIGH
CISA KEV Not in KEV
Patch Patch Available

GOOGLE fixed a new Chrome zero-day, tracked as CVE-2026-5281, in the WebGPU Dawn component that is already exploited in the wild. The update also patches 21 vulnerabilities and urges users to update their browsers immediately to reduce the risk of attacks. A use-after-free bug is the fault type involved, which attackers can abuse to crash, run malicious code, or take control of a system; according to Google, CVE-2026-5281 is the fourth Chrome zero-day actively exploited in 2026.

Google is aware that an exploit for CVE-2026-5281 exists in the wild. The advisory notes updates to version 146.0.7680.177/178 for Windows/macOS and 146.0.7680.177 for Linux. CVE-2026-5281 affects Dawn, the WebGPU graphics component, and Google did not disclose technical details of the attacks or the attackers to give users time to apply the fix.

View Primary Source Via securityaffairs.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline