CISA KEV Alert 4/1/2026, 10:45:50 PM

CISA Adds CVE-2026-5281 to Known Exploited Vulnerabilities Catalogue

CVE-2026-5281: Chrome WebGPU Zero-Day Exploited In The Wild

Google patched CVE-2026-5281, a high-severity use-after-free vulnerability in Dawn, Chromium’s WebGPU implementation, and it has confirmed exploitation in the wild. The NVD wording outlines that a remote attacker who had already compromised the renderer process could execute arbitrary code via a crafted HTML page. Chrome fixed the flaw in stable desktop…

First seen 2026-04-01T13:50:49.621Z · Last seen 2026-04-02T15:05:44.153Z

CyberSIXT Evidence Panel
Source: marked as original reporting
Primary Source: cisa.gov
CISA KEV: Listed in KEV
Patch: Patch Available

CISA has added CVE-2026-5281 to its Known Exploited Vulnerabilities (KEV) catalogue. The entry concerns Google Dawn, an open-source WebGPU implementation utilised in Chromium-based browsers. Google Dawn contains a use-after-free vulnerability that could allow a remote attacker who has compromised the renderer process to execute arbitrary code via a crafted HTML page.

The vulnerability, designated the Google Dawn Use-After-Free Vulnerability, carries a CVSS score of 8.8 and a High severity rating. The flaw is a use-after-free condition within the graphics library's memory handling routines. A remote attacker who has already gained control of the renderer process could exploit this weakness via a crafted HTML page to achieve arbitrary code execution within the browser context.

The vulnerability affects multiple Chromium-based products, including Google Chrome, Microsoft Edge, and Opera, as these applications incorporate the Dawn library. Google has released patches to address the vulnerability through the Chrome stable channel update released on 31 March 2026.

CISA has confirmed active exploitation of CVE-2026-5281 in the wild. The agency has not attributed this vulnerability to specific ransomware operations at this time. Under Binding Operational Directive 22-01, Federal Civilian Executive Branch (FCEB) agencies must apply remedial measures by 15 April 2026.

CISA requires FCEB agencies to apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. All organisations utilising Chromium-based browsers or applications incorporating the Dawn library should assess their exposure immediately and implement available security updates.

Refer to the linked NVD entry and CISA KEV catalogue for comprehensive technical specifications and patch information.


Article by CyberSIXT
