CYBERSIXT Signal Over Noise
www.cisa.gov 4/2/2026, 1:46:02 AM · via preferred

CISA Adds CVE-2026-5281 to Known Exploited Vulnerabilities Catalogue

Incident Open incident page

CVE-2026-5281: Chrome WebGPU Zero-Day Exploited In The Wild

Google patched CVE-2026-5281, a high-severity use-after-free vulnerability in Dawn, Chromium’s WebGPU implementation, and it has confirmed exploitation in the wild. The NVD wording outlines that a remote attacker who had already compromised the renderer process could execute arbitrary code via a crafted HTML page. Chrome fixed the flaw in stable desktop…

First seen 2026-04-01T13:50:49.621Z · Last seen 2026-04-02T15:05:44.153Z

CVE-2026-5284 CVE-2026-5281
CyberSIXT Evidence Panel
Primary Source chromereleases.googleblog.com
CVE Intel
CVE-2026-5281 - NVD CISA KEV due 2026-04-15 8.8 HIGH
CISA KEV Listed in KEV
Patch Patch Available

ACCORDING to CISA, the Known Exploited Vulnerabilities Catalog entry for CVE-2026-5281 concerns the Google Dawn Use-After-Free Vulnerability, which could allow a remote attacker who has compromised the renderer process to execute arbitrary code via a crafted HTML page. The vulnerability could affect multiple Chromium-based products, including Google Chrome, Microsoft Edge, and Opera. The item notes that it is Unknown whether it has been used in ransomware campaigns.

Action recommended is to apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Date Added is 1 April 2026, with a Due Date of 15 April 2026.

View Primary Source Via www.cisa.gov

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline