Google fixed a new Chrome zero-day, tracked as CVE-2026-5281, in the WebGPU Dawn component that is already exploited in the wild.
Google released Chrome updates fixing 21 vulnerabilities, including a new actively exploited zero-day tracked as CVE-2026-5281. The flaw is a use-after-free bug in Dawn, the WebGPU component used for graphics processing.
Due to ongoing exploitation, the company urges users to update their browsers immediately to reduce the risk of attacks.
“Google is aware that an exploit for CVE-2026-5281 exists in the wild.” reads the advisory.
A use-after-free (UAF) bug is a type of memory error where a program continues to use a piece of memory after it has already been freed (released).
EXPLORE MORE
US says ‘narcoterrorist’ cartel boss killed in Venezuela strike (VIDEO) — RT World News
The Pentagon said the operation to hunt down the leader of the…
YouTuber Jesse Ridgway mocked Down syndrome in old video, says he can’t go to hell as an atheist
(LifeSiteNews) — YouTuber Jesse Ridgway continues to make inflammatory comments in the…
![Wanted: Suspects for Homicide in the 2nd District [VIDEO]](https://thephillypi.com/wp-content/uploads/2026/06/Wanted-Suspects-for-Homicide-in-the-2nd-District-VIDEO-768x432.png "Wanted: Suspects for Homicide in the 2nd District [VIDEO]")
Wanted: Suspects for Homicide in the 2nd District [VIDEO]
The Philadelphia Police Department Homicide Unit is looking to identify the two…
Married Democrat Senate candidate ‘sexted’ multiple women on controversial app
(LifeSiteNews) – Up until this weekend, Democrat U.S. Senate hopeful Graham Platner…
Canadians warned about social media ban leading to privacy violations, digital ID
(LifeSiteNews) — One of Canada’s top constitutional freedom groups warned that a…
Missing Juvenile Lilliana Osuna from the 25th District
The Philadelphia Police Department is requesting the public’s assistance in locating 15-year-old…
Attackers can exploit use-after-free bugs to crash applications, execute malicious code, or take control of a system. Google fixed the Chrome zero-day and urges users to update to version 146.0.7680.177/178 (Windows/macOS) or 146.0.7680.177 (Linux).
As usual, Google did not reveal technical details of the attacks exploiting this flaw or the type of attackers involved, to give users time to update and prevent others from exploiting it.
CVE-2026-5281 is the fourth Chrome zero-day exploited in attacks in 2026, below the other actively exploited flaws addressed by Google this year:
- February 2026 – CVE-2026-2441 – Use after free in CSS
- March 2026 – CVE-2026-3909 (CVSS score: 8.8) – Out-of-bounds write in the Skia 2D graphics library and CVE-2026-3910 (CVSS score: 8.8) – Flaw in the implementation of the V8 JavaScript/WebAssembly engine
