On 1 April 2026, Google released security updates for Chrome to address 21 vulnerabilities, including a high-severity zero-day, CVE-2026-5281, which has been exploited in the wild. The flaw is a use-after-free in Dawn, an open-source implementation of the WebGPU standard. As described in NIST's National Vulnerability Database (NVD), it could allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
According to the NVD entry, the fixed Chrome versions are 146.0.7680.177/178 for Windows and Apple macOS, and 146.0.7680.177 for Linux. Google noted that an exploit for CVE-2026-5281 exists in the wild. Chrome users can update via More > Help > About Google Chrome and then Relaunch; users of other Chromium-based browsers are advised to apply the fixes when available. This is not the first such fix this year: in total, Google has patched four actively weaponised Chrome zero-days since the start of the year.