CISA KEV Alert 4/1/2026, 10:45:50 PM

CISA Adds CVE-2026-5281 to Known Exploited Vulnerabilities Catalogue

Developing story vulnerability 7 articles tracked
Chrome WebGPU zero-day (CVE-2026-5281) exploited in the wild
CyberSIXT Evidence Panel Source marked as original reporting
Primary Source cisa.gov
CISA KEV Listed in KEV
Patch Patch Available

CISA has added CVE-2026-5281 to its Known Exploited Vulnerabilities (KEV) catalogue. The entry concerns Google Dawn, an open-source WebGPU implementation utilised in Chromium-based browsers. Google Dawn contains a use-after-free vulnerability that could allow a remote attacker who has compromised the renderer process to execute arbitrary code via a crafted HTML page.

The vulnerability, designated the Google Dawn Use-After-Free Vulnerability, carries a CVSS score of 8.8 and a High severity rating. The flaw represents a use-after-free condition within the graphics library's memory handling routines. A remote attacker who has already gained control of the renderer process could exploit this weakness via a crafted HTML page to achieve arbitrary code execution within the browser context.

The vulnerability affects multiple Chromium-based products, including Google Chrome, Microsoft Edge, and Opera, as these applications incorporate the Dawn library. Google has released patches to address the vulnerability through the Chrome stable channel update released on 31 March 2026.

CISA has confirmed active exploitation of CVE-2026-5281 in the wild. The agency has not attributed this vulnerability to specific ransomware operations at this time. Federal Civilian Executive Branch (FCEB) agencies must apply remedial measures by 15 April 2026 according to Binding Operational Directive 22-01.

CISA requires FCEB agencies to apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. All organisations utilising Chromium-based browsers or applications incorporating the Dawn library should assess their exposure immediately and implement available security updates.

Refer to the linked NVD entry and CISA KEV catalogue for comprehensive technical specifications and patch information.

View CISA KEV Entry

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline