Vulnerability intelligence
CVE-2026-5281
Google Dawn Use-After-Free Vulnerability
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
CVSS Score
—
High
EPSS — Exploit Probability
5.0%
Riskier than 91% of all CVEs
Exploitation
Confirmed in the wild
Used in ransomware campaigns
Remediation
Patch available
Federal deadline 2026-04-15
CISA required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Deadline for federal agencies: 2026-04-15.
7 articles across 6 outlets · first covered Apr 1, 2026 · latest Apr 2, 2026
Tracked incidents
Coverage timeline
-
CVE-2026-5281: Chrome WebGPU Zero-Day Exploited In The Wildsocradar.io · Apr 2, 2026
-
CISA Adds CVE-2026-5281 to Known Exploited Vulnerabilities Cataloguewww.cisa.gov · Apr 2, 2026
-
U.S. CISA adds a flaw in Google Dawn to its Known Exploited Vulnerabilities catalogsecurityaffairs.com · Apr 2, 2026
-
CISA Adds CVE-2026-5281 to Known Exploited Vulnerabilities Cataloguecisa.gov · Apr 1, 2026
-
Google fixes fourth actively exploited Chrome zero-day of 2026securityaffairs.com · Apr 1, 2026
-
Exploited Zero-Day Among 21 Vulnerabilities Patched in Chromewww.securityweek.com · Apr 1, 2026
-
New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Releasedthehackernews.com · Apr 1, 2026