CYBERSIXT Signal Over Noise
www.securityweek.com 4/1/2026, 2:53:17 PM · via preferred

Exploited Zero-Day Among 21 Vulnerabilities Patched in Chrome

Incident Open incident page

CVE-2026-5281: Chrome WebGPU Zero-Day Exploited In The Wild

Google patched CVE-2026-5281, a high-severity use-after-free vulnerability in Dawn, Chromium’s WebGPU implementation, and it has confirmed exploitation in the wild. The NVD wording outlines that a remote attacker who had already compromised the renderer process could execute arbitrary code via a crafted HTML page. Chrome fixed the flaw in stable desktop…

First seen 2026-04-01T13:50:49.621Z · Last seen 2026-04-02T15:05:44.153Z

CVE-2026-5284 CVE-2026-5281
CyberSIXT Evidence Panel
CVE Intel
CVE-2026-5281 - NVD Not in KEV 0
CVE-2026-5284 - NVD Not in KEV 7.5 HIGH
CISA KEV Not in KEV
Patch Patch Available

GOOGLE has issued a Chrome 146 update that patches 21 vulnerabilities, including a zero‑day that has been exploited in the wild. According to Google, the exploited vulnerability is tracked as CVE-2026-5281 and is a use‑after‑free issue in Dawn, Chrome’s graphics layer. Google is aware that an exploit for CVE-2026-5281 exists in the wild, but has not disclosed details of the attacks.

The same advisory notes that CVE-2026-5284, another high‑severity use‑after‑free issue in Dawn reported by the same researcher, does not appear to have been exploited in the wild. All 21 vulnerabilities patched in the latest update were reported in March, and Google has not announced bug bounties for the researchers.

View full article

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline