Zero-Day Security Alert — April 1, 2026: Google Chrome Dawn Use-After-Free Actively Exploited

Daily Security Briefing

April 1, 2026

CVE-2026-5281 | CVSS 8.8 | HIGH Severity | Actively Exploited (CISA KEV)

Affected Product

Google Chrome (Dawn component) prior to version 146.0.7680.178 on Windows, macOS, and Linux

Description

A use-after-free vulnerability exists in the Dawn WebGPU implementation within Google Chrome. An attacker who has already compromised the Chrome renderer process can exploit this flaw to execute arbitrary code on the victim's system by serving a specially crafted HTML page. Dawn is Chrome's native implementation of the WebGPU API, making this a browser-level attack surface present on all desktop platforms.

Attack Vector

Network-based with low attack complexity. No privileges are required, but user interaction is needed (the victim must visit or be directed to a malicious page). The attacker must first achieve renderer compromise, after which this vulnerability enables a sandbox escape to full code execution. Confidentiality, integrity, and availability impacts are all rated High.

Remediation

Update Google Chrome to version 146.0.7680.178 or later immediately. Enterprise administrators should push the update through their browser management policies and verify deployment across all managed endpoints. If immediate patching is not possible, consider restricting access to untrusted web content or applying network-level controls to limit exposure.

CISA Remediation Due Date: April 15, 2026

This report is generated automatically from NVD and CISA KEV data.