Zero Day MonitorZDM

← Back to list

—

CVE-2026-5281KEVEXPLOITEDPATCHED

google · chrome

CVE-2026-5281: Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the render

Description

A vulnerability was found in Google Chrome. It has been classified as critical. Affected by this issue is some unknown functionality of the component Dawn. Performing a manipulation results in use after free. This vulnerability is reported as CVE-2026-5281. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.

Affected Products

Vendor	Product	Versions
google	chrome	146.0.7680.178, 146.0.7680.165

References

Related News (4 articles)

Tier D

Help Net Security1h ago

Google fixes Chrome zero-day with in-the-wild exploit (CVE-2026-5281)

→ No new info (linked only)

Tier D

BleepingComputer2h ago

Google fixes fourth Chrome zero-day exploited in attacks in 2026

→ No new info (linked only)

Tier C

VulDB7h ago

CVE-2026-5281 | Google Chrome up to 146.0.7680.165 Dawn use after free (ID 491518)

→ No new info (linked only)

Tier B

CERT-FR13h ago

Multiples vulnérabilités dans Google Chrome (01 avril 2026)

→ No new info (linked only)

CISA KEV✅ Yes

Actively exploited✅ Yes

Patch available

146.0.7680.165

CWECWE-416

PublishedApr 1, 2026

Last enriched6h agov2

Trending Score111🔥

Source articles4

Independent4

Info Completeness8/14

Missing: cvss, epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-3910EXPKEV

Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Hi

HIGHCVE-2026-3909EXPKEV

Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

HIGHCVE-2026-2441EXPKEV

Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CRITICALCVE-2026-5285EXP

CVE-2026-5285: Use after free in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code ins

CRITICALCVE-2026-5277EXP

CVE-2026-5277: Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.178 allowed a remote attacker who had compromi

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 1, 2026

Added to CISA KEV

Apr 1, 2026

Discovered by ZDM

Apr 1, 2026

Actively Exploited

Apr 1, 2026

Patch Available

Apr 1, 2026

Updated: description, severity, affectedVersions, patchAvailable

Apr 1, 2026

Version History

v2

Last enriched 6h ago

v2Tier C6h ago

Updated severity to CRITICAL, affected versions to 146.0.7680.165, and corrected exploit availability.

descriptionseverityaffectedVersionspatchAvailable

via VulDB

v17h ago

Initial creation