Google Chrome Zero-Day CVE-2026-5281 in Dawn WebGPU Component Exploited

CVE-2026-5281 is a high-severity use-after-free vulnerability in Dawn, the open-source cross-platform WebGPU implementation used in Google Chrome. With a CVSS score of 8.8, this flaw allows a remote attacker who has compromised the renderer process to execute arbitrary code via a crafted HTML page. Google confirmed active exploitation in the wild and released security updates for Chrome (versions 146.0.7680.177/178 for Windows/macOS, 146.0.7680.177 for Linux). This marks the fourth actively weaponized Chrome zero-day patched in 2026. CISA added CVE-2026-5281 to its KEV catalog on April 1, 2026, with a remediation deadline of April 15, 2026 for federal agencies. The vulnerability also affects other Chromium-based browsers including Microsoft Edge and Opera. Recommended mitigations: Update Chrome to version 146.0.7680.177 or later immediately, apply updates to all Chromium-based browsers, and monitor for suspicious browser activity.