New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released

Google has pushed an emergency security update for Chrome to address 21 vulnerabilities, including CVE-2026-5281 — a high-severity use-after-free zero-day in the Dawn graphics engine that the company confirms is actively being exploited in the wild.

This marks the fourth Chrome zero-day patched by Google since the start of 2026, continuing an alarming trend of browser engine vulnerabilities being weaponised before patches are available.

What Is CVE-2026-5281?

Detail	Value
CVE ID	CVE-2026-5281
Severity	High
CVSS Score	Not yet assigned
Vulnerability Type	Use-After-Free (UAF)
Affected Component	Dawn — Chrome's cross-platform graphics API implementation
Exploitation Status	Actively exploited in the wild
Patch Available	Yes — Chrome stable channel update (April 1, 2026)

The flaw resides in Dawn, Google's open-source implementation of WebGPU — the next-generation graphics API that gives web pages access to GPU hardware for rendering and compute workloads. Dawn is a shared component used across Chrome, Chromium-based browsers, and other projects.

Use-after-free vulnerabilities in browser engines are particularly dangerous. When memory that has already been freed is accessed again, an attacker can potentially:

Corrupt heap memory to redirect code execution
Bypass browser sandboxing to escape the renderer process
Execute arbitrary code in the context of the browser or the underlying OS

Actively Exploited in the Wild

Google's security team confirmed that "an exploit for CVE-2026-5281 exists in the wild" — the standard disclosure language used when the company is aware of real-world attacks targeting the vulnerability.

While Google has not disclosed the identity of the threat actors exploiting this flaw, use-after-free zero-days in browser graphics subsystems have historically been associated with:

Nation-state espionage campaigns targeting journalists, activists, and government officials
Exploit broker ecosystems selling browser exploits for use in targeted attacks
Initial access brokers chaining browser exploits with privilege escalation to compromise endpoints

Chrome's Zero-Day Count in 2026

This is the fourth Chrome zero-day patched in 2026, following a pattern that security researchers have flagged as increasingly concerning:

#	CVE	Component	Exploit Status	Patch Date
1	CVE-2026-2441	V8 JavaScript Engine	Exploited in wild	Feb 2026
2	CVE-2026-XXXX	GPU Process	Exploited in wild	Mar 2026
3	CVE-2026-XXXX	Mojo IPC	Exploited in wild	Mar 2026
4	CVE-2026-5281	Dawn / WebGPU	Exploited in wild	Apr 1, 2026

The shift to Dawn and WebGPU as an exploitation target is significant. As browsers increasingly expose GPU hardware to web content for performance reasons, the WebGPU attack surface is expanding rapidly.

Update Chrome Now

Google has released the fix in the Chrome stable channel. All users and administrators should update immediately.

How to Update

Desktop (Windows, macOS, Linux):

Open Chrome
Click the three-dot menu → Help → About Google Chrome
Chrome will automatically check for and apply the update
Click Relaunch to complete the update

Via Command Line (Linux):

# Ubuntu / Debian
sudo apt update && sudo apt upgrade google-chrome-stable
 
# Fedora / RHEL
sudo dnf update google-chrome-stable
 
# Verify installed version
google-chrome --version

Enterprise Deployment:

# Check target version from Chrome Enterprise release notes
# Deploy via your MDM/patch management platform (SCCM, Intune, Jamf)
# Policy: ChromeVersion >= [patched version]

Verify You're Protected

After updating, confirm you're running the patched version:

Chrome menu → Help → About Google Chrome
# Version should show the April 1, 2026 stable channel release

Dawn and WebGPU: An Expanding Attack Surface

Dawn is not exclusive to Chrome — it underpins the WebGPU implementation across multiple browsers and platforms:

Chrome (desktop and Android)
Chromium (the open-source base for Edge, Brave, Opera, Vivaldi, and others)
Downstream Chromium-based browsers may be affected if they haven't applied the patch from the Chromium codebase

Administrators managing fleets of Chromium-based browsers should verify that all Chromium derivatives in their environment are updated, not just Chrome itself.

What to Do Right Now

Update Chrome immediately — do not wait for your next scheduled patch cycle
Update all Chromium-based browsers — Edge, Brave, Opera, Vivaldi, Arc
Deploy via MDM/patch management if managing enterprise endpoints
Verify browser version in your asset inventory and patch compliance tools
Block JavaScript execution from untrusted sites as a temporary risk reduction measure (not a substitute for patching)
Monitor for exploitation indicators — unusual renderer crashes, unexpected child process spawning, or browser-spawned shell processes

Source: The Hacker News — April 1, 2026

This marks the fourth Chrome zero-day patched by Google since the start of 2026, continuing an alarming trend of browser engine vulnerabilities being weaponised before patches are available.

What Is CVE-2026-5281?

Detail	Value
CVE ID	CVE-2026-5281
Severity	High
CVSS Score	Not yet assigned
Vulnerability Type	Use-After-Free (UAF)
Affected Component	Dawn — Chrome's cross-platform graphics API implementation
Exploitation Status	Actively exploited in the wild
Patch Available	Yes — Chrome stable channel update (April 1, 2026)

Use-after-free vulnerabilities in browser engines are particularly dangerous. When memory that has already been freed is accessed again, an attacker can potentially:

Corrupt heap memory to redirect code execution
Bypass browser sandboxing to escape the renderer process
Execute arbitrary code in the context of the browser or the underlying OS

Actively Exploited in the Wild

While Google has not disclosed the identity of the threat actors exploiting this flaw, use-after-free zero-days in browser graphics subsystems have historically been associated with:

Nation-state espionage campaigns targeting journalists, activists, and government officials
Exploit broker ecosystems selling browser exploits for use in targeted attacks
Initial access brokers chaining browser exploits with privilege escalation to compromise endpoints

Chrome's Zero-Day Count in 2026

This is the fourth Chrome zero-day patched in 2026, following a pattern that security researchers have flagged as increasingly concerning:

#	CVE	Component	Exploit Status	Patch Date
1	CVE-2026-2441	V8 JavaScript Engine	Exploited in wild	Feb 2026
2	CVE-2026-XXXX	GPU Process	Exploited in wild	Mar 2026
3	CVE-2026-XXXX	Mojo IPC	Exploited in wild	Mar 2026
4	CVE-2026-5281	Dawn / WebGPU	Exploited in wild	Apr 1, 2026

Update Chrome Now

Google has released the fix in the Chrome stable channel. All users and administrators should update immediately.

How to Update

Desktop (Windows, macOS, Linux):

Open Chrome
Click the three-dot menu → Help → About Google Chrome
Chrome will automatically check for and apply the update
Click Relaunch to complete the update

Via Command Line (Linux):

# Ubuntu / Debian
sudo apt update && sudo apt upgrade google-chrome-stable
 
# Fedora / RHEL
sudo dnf update google-chrome-stable
 
# Verify installed version
google-chrome --version

Enterprise Deployment:

# Check target version from Chrome Enterprise release notes
# Deploy via your MDM/patch management platform (SCCM, Intune, Jamf)
# Policy: ChromeVersion >= [patched version]

Verify You're Protected

After updating, confirm you're running the patched version:

Chrome menu → Help → About Google Chrome
# Version should show the April 1, 2026 stable channel release

Dawn and WebGPU: An Expanding Attack Surface

Dawn is not exclusive to Chrome — it underpins the WebGPU implementation across multiple browsers and platforms:

Chrome (desktop and Android)
Chromium (the open-source base for Edge, Brave, Opera, Vivaldi, and others)
Downstream Chromium-based browsers may be affected if they haven't applied the patch from the Chromium codebase

Administrators managing fleets of Chromium-based browsers should verify that all Chromium derivatives in their environment are updated, not just Chrome itself.

What to Do Right Now

Update Chrome immediately — do not wait for your next scheduled patch cycle
Update all Chromium-based browsers — Edge, Brave, Opera, Vivaldi, Arc
Deploy via MDM/patch management if managing enterprise endpoints
Verify browser version in your asset inventory and patch compliance tools
Block JavaScript execution from untrusted sites as a temporary risk reduction measure (not a substitute for patching)
Monitor for exploitation indicators — unusual renderer crashes, unexpected child process spawning, or browser-spawned shell processes

Source: The Hacker News — April 1, 2026

New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released

What Is CVE-2026-5281?

Actively Exploited in the Wild

Chrome's Zero-Day Count in 2026

Update Chrome Now

How to Update

Verify You're Protected

Dawn and WebGPU: An Expanding Attack Surface

What to Do Right Now

Google Fixes Fourth Chrome Zero-Day Exploited in Attacks in 2026

Interlock Ransomware Exploited Cisco FMC Zero-Day for 36 Days Before Disclosure

Critical Langflow RCE Flaw Exploited Within 20 Hours of Disclosure

New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released

What Is CVE-2026-5281?

Actively Exploited in the Wild

Chrome's Zero-Day Count in 2026

Update Chrome Now

How to Update

Verify You're Protected

Dawn and WebGPU: An Expanding Attack Surface

What to Do Right Now

Google Fixes Fourth Chrome Zero-Day Exploited in Attacks in 2026

Interlock Ransomware Exploited Cisco FMC Zero-Day for 36 Days Before Disclosure

Critical Langflow RCE Flaw Exploited Within 20 Hours of Disclosure