Google has addressed a critical zero-day vulnerability in Chrome, identified as CVE-2026-5281, which is being actively exploited by attackers. The flaw is a use-after-free bug located in the WebGPU Dawn component, responsible for graphics processing. This marks the fourth actively exploited Chrome zero-day fixed by Google in 2026. The company has released updates for Chrome, patching a total of 21 vulnerabilities, and is urging users to update their browsers as soon as possible to mitigate the risk of attacks1. The existence of an exploit for CVE-2026-5281 in the wild underscores the need for immediate action. The exploitation status of this vulnerability warrants a patch-now approach, rather than simply monitoring the situation. This vulnerability matters to practitioners because it highlights the importance of prompt patch management to prevent potential breaches.
Google fixes fourth actively exploited Chrome zero-day of 2026
⚡ High Priority
Why This Matters
CVE-2026-5281 is in active discussion involving Google — exploitation status determines whether this is patch-now or monitor.
References
- SecurityAffairs. (2026, April 1). Google fixes fourth actively exploited Chrome zero-day of 2026. *SecurityAffairs*. https://securityaffairs.com/190265/hacking/google-fixes-fourth-actively-exploited-chrome-zero-day-of-2026.html
Original Source
SecurityAffairs
Read original →