Google released emergency updates to patch a use-after-free vulnerability in Dawn (WebGPU) tracked as CVE-2026-5281 that was being exploited in the wild, marking the fourth Chrome zero-day fixed this year. The out-of-band Stable Desktop update is rolling out for Windows, macOS, and Linux while Google restricts full bug details until a majority of users are updated. #CVE-2026-5281 #Chrome
Keypoints
- Google patched a use-after-free vulnerability in Dawn (WebGPU) tracked as CVE-2026-5281 that was being exploited in the wild.
- The emergency Stable Desktop update is rolling out to Windows, macOS (146.0.7680.177/178), and Linux (146.0.7680.177).
- Google limited public bug details until a majority of users receive the fix and when third-party libraries remain unpatched.
- This is the fourth actively exploited Chrome zero-day fixed this year, following CVE-2026-2441, CVE-2026-3909, and CVE-2026-3910.
- Googleβs Threat Analysis Group has been instrumental in discovering and reporting many of the recent zero-days used in spyware attacks.