CYBERSIXT Signal Over Noise
securityaffairs.com 4/2/2026, 12:21:45 AM · via preferred

U.S. CISA adds a flaw in Google Dawn to its Known Exploited Vulnerabilities catalog

U.S. CISA adds a flaw in Google Dawn to its Known Exploited Vulnerabilities catalog
Incident Open incident page

CVE-2026-5281: Chrome WebGPU Zero-Day Exploited In The Wild

Google patched CVE-2026-5281, a high-severity use-after-free vulnerability in Dawn, Chromium’s WebGPU implementation, and it has confirmed exploitation in the wild. The NVD wording outlines that a remote attacker who had already compromised the renderer process could execute arbitrary code via a crafted HTML page. Chrome fixed the flaw in stable desktop…

First seen 2026-04-01T13:50:49.621Z · Last seen 2026-04-02T15:05:44.153Z

CVE-2026-5284 CVE-2026-5281
CyberSIXT Evidence Panel
Primary Source cisa.gov
CVE Intel
CVE-2026-5281 - NVD CISA KEV due 2026-04-15 8.8 HIGH
CISA KEV Listed in KEV
Patch Patch Available

THE U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a Google Dawn flaw to its Known Exploited Vulnerabilities catalog. Tracked as CVE-2026-5281, the use-after-free defect in the Dawn component of Google Chrome prior to 146.0.7680.178 carries a CVSS score of 8.8.

According to CISA, the vulnerability could affect multiple Chromium-based products, including Google Chrome, Microsoft Edge, and Opera, with a remote attacker able to exploit it via a crafted HTML page after compromising the renderer process. This week Google released Chrome updates fixing 21 vulnerabilities, including the CVE-2026-5281 zero-day, and urged users to update to version 146.0.7680.177/178 (Windows/macOS) or 146.0.7680.177 (Linux). CISA also requires federal agencies to address the identified vulnerabilities by April 15, 2026.

View Primary Source Via securityaffairs.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline