CVE-2026-5281
published 2026-04-01

CVE-2026-5281: Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code…

Priority: P186 · high · 8.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
KEV · ITW · EXPLOIT
CISA Known Exploited Vulnerability, due 2026-04-15
Exploited in the wild
EPSS: 5.04% (91.2th percentile)
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Affected

9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chromium | chromium | >= 0 < 146.0.7680.177-1~deb12u1 | 146.0.7680.177-1~deb12u1 |
| chromium | chromium | >= 0 < 146.0.7680.177-1~deb13u1 | 146.0.7680.177-1~deb13u1 |
| chromium | chromium | >= 0 < 146.0.7680.177-1 | 146.0.7680.177-1 |
| debian | chromium | < chromium 146.0.7680.177-1~deb12u1 (bookworm) | chromium 146.0.7680.177-1~deb12u1 (bookworm) |
| google | chrome | < 146.0.7680.177 | 146.0.7680.177 |
| google | chrome | >= 146.0.7680.178 < 146.0.7680.178 | 146.0.7680.178 |
| google | chrome_chrome | | |
| msrc | microsoft_edge | | |
| paloalto | prisma_browser | | |

Detection & IOCs (extracted from sources)

version: Google Chrome < 146.0.7680.178
  • Exploitation requires the attacker to have already compromised the renderer process. Monitor for renderer process anomalies (e.g., unexpected child process spawning, memory access violations) as a precursor indicator.
  • Google has withheld technical exploitation details and attribution to limit further abuse until patching is widespread. No specific exploit samples, hashes, or C2 infrastructure have been publicly disclosed.
  • The fixed versions differ by OS: 146.0.7680.177/178 for Windows and macOS, and 146.0.7680.177 for Linux. Ensure version checks in detection rules account for this platform-specific split.

CVSS provenance

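| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| osv | | 8.8 | HIGH | |
| vulncheck | | 8.8 | HIGH | |
| cisa | | 8.8 | HIGH | |
| vendor_debian | | 8.8 | HIGH | |
| vendor_msrc | | 8.8 | HIGH | |
| vendor_redhat | | 8.8 | HIGH | |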