Fourth actively exploited Chrome zero-day (CVE-2026-5281) in Dawn WebGPU implementation patched by Google
Summary
Hide ▲
Show ▼
Google released emergency fixes for the fourth Chrome zero-day vulnerability (CVE-2026-5281) exploited in attacks during 2026, addressing a use-after-free flaw in Dawn, the cross-platform WebGPU implementation within Chromium. The vulnerability allowed attackers to trigger browser crashes, data corruption, rendering issues, or abnormal behavior via malicious web content. Google confirmed active exploitation in the wild but withheld technical details to prevent further abuse until widespread patch adoption. Updates were immediately available for Windows, macOS, and Linux users in the Stable Desktop channel (versions 146.0.7680.177/178), though rollout may take days or weeks for all users. Automatic updates are enabled by default unless manually disabled.
Timeline
-
01.04.2026 13:25 1 articles · 2h ago
Chrome zero-day (CVE-2026-5281) in Dawn WebGPU patched after active exploitation
Google released emergency updates for Chrome Stable Desktop (versions 146.0.7680.177/178) addressing CVE-2026-5281, a use-after-free flaw in Dawn (WebGPU implementation) exploited in attacks. The vulnerability allowed memory corruption leading to browser crashes, rendering issues, or data corruption. Google confirmed active exploitation but withheld details to prevent further abuse. Patches were available immediately for Windows, macOS, and Linux users, with automatic updates enabled by default.
Show sources
- Google fixes fourth Chrome zero-day exploited in attacks in 2026 — www.bleepingcomputer.com — 01.04.2026 13:25
Information Snippets
-
CVE-2026-5281 is a use-after-free vulnerability in Dawn, the WebGPU implementation used by Chromium, enabling memory corruption attacks.
First reported: 01.04.2026 13:251 source, 1 articleShow sources
- Google fixes fourth Chrome zero-day exploited in attacks in 2026 — www.bleepingcomputer.com — 01.04.2026 13:25
-
Exploitation of CVE-2026-5281 allows attackers to cause browser crashes, data corruption, rendering issues, or other abnormal behavior through crafted web content.
First reported: 01.04.2026 13:251 source, 1 articleShow sources
- Google fixes fourth Chrome zero-day exploited in attacks in 2026 — www.bleepingcomputer.com — 01.04.2026 13:25
-
Google confirmed active exploitation of CVE-2026-5281 in the wild but did not disclose incident details, citing ongoing mitigation efforts.
First reported: 01.04.2026 13:251 source, 1 articleShow sources
- Google fixes fourth Chrome zero-day exploited in attacks in 2026 — www.bleepingcomputer.com — 01.04.2026 13:25
-
Patches were released for Chrome Stable Desktop (versions 146.0.7680.177/178) on Windows, macOS, and Linux, with immediate availability for users who check for updates.
First reported: 01.04.2026 13:251 source, 1 articleShow sources
- Google fixes fourth Chrome zero-day exploited in attacks in 2026 — www.bleepingcomputer.com — 01.04.2026 13:25
-
CVE-2026-5281 is the fourth actively exploited Chrome zero-day patched in 2026, following CVE-2026-2441, CVE-2026-3909, and CVE-2026-3910.
First reported: 01.04.2026 13:251 source, 1 articleShow sources
- Google fixes fourth Chrome zero-day exploited in attacks in 2026 — www.bleepingcomputer.com — 01.04.2026 13:25
-
The Dawn use-after-free flaw affects the WebGPU standard's cross-platform implementation, leveraging Chromium's rendering pipeline for potential exploitation.
First reported: 01.04.2026 13:251 source, 1 articleShow sources
- Google fixes fourth Chrome zero-day exploited in attacks in 2026 — www.bleepingcomputer.com — 01.04.2026 13:25