CVE-2026-5281KEVEXPLOITEDPATCHED

google · chrome

CVE-2026-5281: Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the render

Description

Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Affected Products

Vendor	Product	Versions
google	chrome	146.0.7680.178, 146.0.3856.97

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
apple	macos	cve_cpe	95%
google	chrome	cert_advisory	90%
linux	linux_kernel	cve_cpe	95%
microsoft	windows	cve_cpe	95%

References

Related News (16 articles)

Tier B

CERT-FR1d ago

Multiples vulnérabilités dans les produits Palo Alto Networks (15 mai 2026)

→ No new info (linked only)

Tier D

Help Net Security36d ago

April 2026 Patch Tuesday forecast: Spring-cleaning of a preview

→ No new info (linked only)

Tier B

CCCS Canada38d ago

Microsoft Edge security advisory (AV26-315)

→ No new info (linked only)

Tier B

CERT-FR39d ago

Bulletin d'actualité CERTFR-2026-ACT-015 (07 avril 2026)

→ No new info (linked only)

Tier D

The Hacker News40d ago

⚡ Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More

→ No new info (linked only)

Tier D

Help Net Security41d ago

Week in review: Axios npm supply chain compromise, critical FortiClient EMS bugs exploited

→ No new info (linked only)

Tier D

CSO Online42d ago

Google patches fourth Chrome zero-day so far this year

→ No new info (linked only)

Tier A

Microsoft MSRC43d ago

Chromium: CVE-2026-5281 Use after free in Dawn

→ No new info (linked only)

Tier B

CERT-FR43d ago

Multiples vulnérabilités dans Microsoft Edge (03 avril 2026)

→ No new info (linked only)

Tier D

SecurityWeek44d ago

Exploited Zero-Day Among 21 Vulnerabilities Patched in Chrome

→ No new info (linked only)

Tier B

CCCS Canada45d ago

Google Chrome security advisory (AV26-306)

→ No new info (linked only)

Tier D

The Hacker News45d ago

New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released

→ No new info (linked only)

Tier D

Help Net Security45d ago

Google fixes Chrome zero-day with in-the-wild exploit (CVE-2026-5281)

→ No new info (linked only)

Tier B

BSI Advisories45d ago

[NEU] [hoch] Google Chrome: Mehrere Schwachstellen

→ No new info (linked only)

Tier D

BleepingComputer45d ago

Google fixes fourth Chrome zero-day exploited in attacks in 2026

→ No new info (linked only)

Tier B

CERT-FR45d ago

Multiples vulnérabilités dans Google Chrome (01 avril 2026)

→ No new info (linked only)

CVSS 3.18.8 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA KEV✅ Yes

Actively exploited✅ Yes

Patch available

146.0.7680.177

CWECWE-416

PublishedApr 1, 2026

Last enriched43d agov4

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-7343EXP

CVE-2026-7343: Use after free in Views in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromise

Trending: 63

HIGHCVE-2026-7363EXP

CVE-2026-7363: Use after free in Canvas in Google Chrome on Linux, ChromeOS prior to 147.0.7727.138 allowed a remote attacker to execut

Trending: 60

HIGHCVE-2026-5284EXP

CVE-2026-5284: Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the render

Trending: 58

HIGHCVE-2026-5909EXP

CVE-2026-5909: Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap

Trending: 57

HIGHCVE-2026-5914EXP

CVE-2026-5914: Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a mali

Trending: 57

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Apr 1, 2026

Added to CISA KEV

Apr 1, 2026

Discovered by ZDM

Apr 1, 2026

Updated: affectedVersions, cweIds

Apr 1, 2026

Actively Exploited

Apr 2, 2026

Exploit Available

Apr 2, 2026

Patch Available

Apr 2, 2026

Updated: exploitAvailable, tags

Apr 2, 2026

Updated: affectedVersions

Apr 3, 2026

Version History

Last enriched 43d ago

v4Tier B43d ago

Updated product to Microsoft Edge, added affected versions, and included new relevant tags.

affectedVersions

via CERT-FR

v3Tier A43d ago

Marked exploit as available and added new tags related to Chromium and Microsoft Edge.

exploitAvailabletags

via Microsoft MSRC

v2Tier B44d ago

Updated affected versions to include 146.0.7680.178, marked exploit as available, and added new CVE-2026-5281.

affectedVersionscweIds

via CCCS Canada

v144d ago

Initial creation