Google fixed a new Chrome zero-day, tracked as CVE-2026-5281, in the WebGPU Dawn component that is already exploited in the wild.
Google released Chrome updates fixing 21 vulnerabilities, including a new actively exploited zero-day tracked as CVE-2026-5281. The flaw is a use-after-free bug in Dawn, the WebGPU component used for graphics processing.
Due to ongoing exploitation, the company urges users to update their browsers immediately to reduce the risk of attacks.
“Google is aware that an exploit for CVE-2026-5281 exists in the wild.” reads the advisory.
A use-after-free (UAF) bug is a type of memory error where a program continues to use a piece of memory after it has already been freed (released).
EXPLORE MORE
Ukraine adds Woody Allen to state-linked ‘kill list’
Film star Woody Allen has been added to the list of Ukraine’s…
From Windows to macOS: ClickFix attacks shift tactics with ChatGPT-based lures
ClickFix campaigns are evolving, with attackers increasingly targeting macOS users and deploying…
Endangered Missing Person Callon Baniewicz from the 9th District
The Philadelphia Police Department is seeking the public’s assistance in locating endangered…
U.S. CISA adds a flaw in Cisco FMC and Cisco SCC Firewall Management to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in…
Pro-Trump ‘anti-woke’ lawyer and leftist senator contend for Colombia’s presidency — RT World News
Pro-Trump lawyer Abelardo de la Espriella secured a narrow lead over left-wing…
Gunman opened fire near White House, killed by Secret Service
WASHINGTON, D.C. (LifeSiteNews) — The White House was placed under lockdown on…
Attackers can exploit use-after-free bugs to crash applications, execute malicious code, or take control of a system. Google fixed the Chrome zero-day and urges users to update to version 146.0.7680.177/178 (Windows/macOS) or 146.0.7680.177 (Linux).
As usual, Google did not reveal technical details of the attacks exploiting this flaw or the type of attackers involved, to give users time to update and prevent others from exploiting it.
CVE-2026-5281 is the fourth Chrome zero-day exploited in attacks in 2026, below the other actively exploited flaws addressed by Google this year:
- February 2026 – CVE-2026-2441 – Use after free in CSS
- March 2026 – CVE-2026-3909 (CVSS score: 8.8) – Out-of-bounds write in the Skia 2D graphics library and CVE-2026-3910 (CVSS score: 8.8) – Flaw in the implementation of the V8 JavaScript/WebAssembly engine
