CVE-2026-5281 is a use-after-free vulnerability in Dawn, an open-source implementation of the WebGPU standard used in Google Chrome [3] [5] [11] [4]. This vulnerability affects Chrome versions prior to 146.0.7680.177/178 for Windows/Mac and prior to 146.0.7680.177 for Linux [5].
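A fleet inventory can be checked against the fixed builds stated above. The following is an added example, not code from Google or any cited source; it assumes that 146.0.7680.177 is the earliest fixed build on all three platforms (the NVD description quoted in the sources names 146.0.7680.178), and the hostnames, inventory rows and function names are constructed for illustration.

```python
import re

# First fixed build per platform, as read from the summary above (assumption:
# .177 is treated as the earliest fixed build on Windows and macOS as well).
FIXED = {
    "windows": (146, 0, 7680, 177),
    "mac": (146, 0, 7680, 177),
    "linux": (146, 0, 7680, 177),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from strings such as
    'Google Chrome 146.0.7680.165'. Returns None if none is present."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def assess(platform, version_text):
    """Return 'vulnerable', 'patched', or 'unknown' for one inventory row."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # do not silently treat unparseable rows as safe
    # Tuple comparison is numeric per component, so 7680.99 < 7680.177,
    # which a plain string comparison would get wrong.
    return "vulnerable" if version < fixed else "patched"


def triage(rows):
    """rows: iterable of (host, platform, version_text). Returns the hosts
    that are not confirmed patched, with their status."""
    return [(host, status) for host, platform, text in rows
            if (status := assess(platform, text)) != "patched"]


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("ws-01", "Windows", "Google Chrome 146.0.7680.178"),
    ("ws-02", "Windows", "Google Chrome 146.0.7680.99"),
    ("mb-07", "Mac", "146.0.7680.177"),
    ("lx-03", "Linux", "Google Chrome 145.0.7600.200"),
    ("lx-04", "Linux", "chrome: not installed"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE):
        print(host, status)
```

Rows whose version cannot be parsed are reported as `unknown` rather than dropped, so a host with a broken inventory agent still shows up for follow-up.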
Regarding its exploitation:
- Internet-facing applications or services: The vulnerability is in Google Chrome, a web browser, which is inherently used to access internet-facing services. The exploit allows a remote attacker who has compromised the renderer process to execute arbitrary code via a crafted HTML page [1] [10].
- Evidence of active exploitation in the wild: Yes, there is evidence of active exploitation [2] [10] [9] [11] [12] [7] [13] [4]. Google has confirmed that an exploit for this vulnerability exists in the wild [2] [10] [7]. This marks it as the fourth zero-day vulnerability addressed by Google in Chrome in 2026 [2] [9] [13].
- Attack vectors and exploitation methods: The vulnerability is a use-after-free (UAF) bug [3] [5] [11] [12] [7] [4]. A remote attacker, after compromising the renderer process, can execute arbitrary code by presenting a specially crafted HTML page [1] [10]. Specific details about the exploit and how it is being used by attackers are limited [5] [11].
- Use in targeted attacks: While Google has confirmed active exploitation, it has not shared details about the specific incidents or who might be behind the attacks [2] [3]. However, one source indicates that threat actors are actively leveraging it in targeted attack campaigns [7].
- CISA Known Exploited Vulnerabilities status: Based on the information provided, CVE-2026-5281 is not listed in the CISA Known Exploited Vulnerabilities (KEV) Catalog [6] [14] [15]. However, CISA has added other actively exploited vulnerabilities to the KEV catalog [8] [16] [17] [18] [19] [20] [21] [22].
- Technical details about internet exploitability: The vulnerability allows for arbitrary code execution [1] [10]. This is achieved through a use-after-free flaw in the Dawn component, which is part of the WebGPU standard implementation in Chrome. This type of memory corruption occurs when an application attempts to use memory after it has been deallocated [4]. The exploit requires the attacker to have already compromised the renderer process, and the attack is delivered via a crafted HTML page [1].
- NVD - CVE-2026-5281
  CVE-2026-5281 Detail. Description. Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. Quick Info. CVE Dictionary Entry: CVE-2026-5281 NVD Published Date: 04/01/2026 NVD L…
- Google fixes fourth Chrome zero-day exploited in attacks in 2026
  "Google is aware that an exploit for CVE-2026-5281 exists in the wild," Google said in a security advisory issued on Tuesday. ... exploiting this zero-day flaw in the wild, it did not share ... Google patched two other Chrome zero-day bugs exploited in attacks earlier this month: the first is an out-…
- New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch ...
  The high-severity vulnerability, CVE-2026-5281 (CVSS score: N/A), concerns a use-after-free bug in Dawn, an open-source and cross-platform implementation of the WebGPU standard. As is customary for these alerts, Google did not provide any further details on how the shortcoming is being exploited and…
- Google Addresses Zero-day Vulnerability Exploited in the Wild (CVE-2026 ...
  CVE-2026-5281 is a use-after-free vulnerability in Dawn, the open-source implementation of the WebGPU standard. This type of memory corruption flaw occurs when an application continues to use a pointer after the memory it points to has been cleared.
- Google fixes Chrome zero-day with in-the-wild exploit (CVE-2026-5281)
  About CVE-2026-5281. As per usual, information about the fixed zero-day is limited, and there’s no details about the exploit (or how/if it’s being used by attackers). CVE-2026-5281’s official description says it’s a use-after-free (UAF) vulnerability in Dawn, an open-source and cross-platform implem…