THREAT SENTINEL
Back to Dashboard
VulnerabilitiesCritical

Google Chrome Zero-Day CVE-2026-5281 Exploited — Fourth Chrome 0-Day of 2026

Thursday, April 2, 2026
Global
CISA KEV + BleepingComputer

Summary

Google released emergency security updates for Chrome to patch CVE-2026-5281, a use-after-free vulnerability in the Dawn WebGPU implementation actively exploited in the wild. Fourth Chrome zero-day of 2026. CISA mandates patches by April 15, 2026.

Threat Analysis

CVE-2026-5281 is a use-after-free in Dawn WebGPU implementation in Chrome. Allows RCE via crafted HTML page when renderer is compromised.

Affected Products: Google Chrome prior to version 146.0.7680.178 (Windows/Mac/Linux). Also affects Chromium-based browsers including Microsoft Edge and Opera.

Exploitation Status: Actively exploited in the wild. Fourth Chrome zero-day of 2026.

Recommended Mitigations: (1) Update Chrome to version 146.0.7680.178 or later immediately. (2) Update all Chromium-based browsers. (3) Enable automatic browser updates. (4) Federal agencies must patch before April 15, 2026.

Last updated: Apr 2, 2026, 08:23 AM

Daily Intelligence

Stay Ahead of Threats

Subscribe to receive daily threat briefings delivered to your inbox. Be the first to know about emerging security risks.

No spamUnsubscribe anytimeDaily at 9 AM