News
Chrome Zero-Day CVE-2026-5281 Actively Exploited — Fourth Zero-Day of 2026, Targets WebGPU Rendering
Google patched CVE-2026-5281, a high-severity use-after-free in Chrome's Dawn WebGPU implementation allowing remote code execution via crafted HTML. CISA added it to the KEV catalog on April 1 with a federal patch deadline of April 15. This is Chrome's fourth zero-day in four months — three of four targeting graphics/rendering subsystems (CSS, Skia, Dawn) — and all Chromium-based browsers (Edge, Brave, Opera, Vivaldi) are affected. Update to Chrome 146.0.7680.178 immediately.
↳ Follow the thread