www.cisa.gov 4/2/2026, 1:46:02 AM · via preferred

CISA Adds CVE-2026-5281 to Known Exploited Vulnerabilities Catalogue

Developing story vulnerability 7 articles tracked
Chrome WebGPU zero-day (CVE-2026-5281) exploited in the wild
CyberSIXT Evidence Panel
CISA KEV Listed in KEV
Patch Patch Available

ACCORDING to CISA, the Known Exploited Vulnerabilities Catalog entry for CVE-2026-5281 concerns the Google Dawn Use-After-Free Vulnerability, which could allow a remote attacker who has compromised the renderer process to execute arbitrary code via a crafted HTML page. The vulnerability could affect multiple Chromium-based products, including Google Chrome, Microsoft Edge, and Opera. The item notes that it is Unknown whether it has been used in ransomware campaigns.

Action recommended is to apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Date Added is 1 April 2026, with a Due Date of 15 April 2026.

View Primary Source Via www.cisa.gov

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline