Google on Thursday released security updates for its Chrome web browser that address 21 vulnerabilities, including a zero-day flaw that the company says is being exploited in the wild.
High severity vulnerability CVE-2026-5281 (CVSS score: N/A) involves a use-after-free bug in Dawn, an open source and cross-platform implementation of the WebGPU standard.
“Use-after-free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who compromised the renderer process to execute arbitrary code via a crafted HTML page,” according to the flaw description in NIST’s National Vulnerability Database (NVD).
As is customary with these alerts, Google did not provide details about how this flaw was being exploited or who was behind the effort. This is typically done to ensure the majority of users are updated with the patch and to prevent other attackers from joining the wave of exploits.
“Google is aware that exploits for CVE-2026-5281 exist in the wild,” the company acknowledged.
This development comes shortly after Google shipped fixes for two high-severity flaws (CVE-2026-3909 and CVE-2026-3910) that were exploited as zero-days. In February, the tech giant also addressed an actively exploited use-after-free bug (CVE-2026-2441) in Chrome’s CSS components. Since the beginning of this year, Google has patched a total of four actively weaponized Chrome zero-days.
For optimal protection, we recommend updating your Chrome browser to version 146.0.7680.177/178 for Windows and Apple macOS and 146.0.7680.177 for Linux. To ensure the latest updates are installed, users can[詳細]>[ヘルプ]>[Google Chrome について]Move to[再起動]Select.
Users of other Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also encouraged to apply fixes when they become available.
Source link
