Google has addressed a fourth zero-day vulnerability in Chrome this year, specifically CVE-2026-5281, which affects the browser's implementation of WebGPU, known as Dawn. This vulnerability enables a remote attacker to execute arbitrary code via a crafted HTML page, provided they have already compromised the renderer process. An exploit for this vulnerability is known to exist in the wild1. To mitigate this issue, users are advised to update to Chrome version 146.0.7680.178 or later. The presence of an active exploit underscores the importance of prompt patching. This latest development highlights the ongoing challenges in maintaining the security of complex software like Chrome, where newly discovered vulnerabilities can be quickly exploited. The fact that this is the fourth zero-day vulnerability patched by Google this year alone emphasizes the need for practitioners to stay vigilant and prioritize updates.
Google patches fourth Chrome zero-day so far this year
⚠️ Critical Alert
Why This Matters
CVE-2026-5281 is in active discussion involving Google — exploitation status determines whether this is patch-now or monitor.
References
- CSO Online. (2026, April 3). Google patches fourth Chrome zero-day so far this year. *CSO Online*. https://www.csoonline.com/article/4154235/google-patches-fourth-chrome-zero-day-so-far-this-year.html
Original Source
CSO Online
Read original →