191/69 Friday, April 3, 2026
Google has released a security update for its Chrome browser to address 21 vulnerabilities, including a zero-day flaw that has already been actively exploited in the wild. The vulnerability, tracked as CVE-2026-5281, is a Use-After-Free (UAF) issue in the WebGPU Dawn component, which is responsible for graphics processing. Google confirmed that an exploit for this vulnerability exists and urged users to update immediately to reduce the risk of compromise.
A Use-After-Free vulnerability is a type of memory corruption issue that occurs when a program continues to use memory after it has been freed. Attackers can exploit this flaw to crash applications or execute arbitrary code, potentially leading to full system compromise. Google has released patched versions 146.0.7680.177/178 for Windows and macOS, and 146.0.7680.177 for Linux. Technical details of the exploit have not been disclosed to prevent further abuse.
CVE-2026-5281 marks the fourth Chrome zero-day vulnerability exploited in 2026, following CVE-2026-2441 (Use-After-Free in CSS), as well as CVE-2026-3909 and CVE-2026-3910, which are related to out-of-bounds write issues and the V8 engine. These incidents highlight the increasing trend of attacks targeting web browsers as a primary entry point for users. Regular software updates remain essential to maintaining system and data security.