CVE-2026-5281
Published 2026-04-01
Priority: P186 · Severity: high · CVSS 3.1: 8.8
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Tags: KEV · ITW · EXPLOIT
CISA Known Exploited Vulnerability (due 2026-04-15)
Exploited in the wild
EPSS: 5.04% (percentile 91.2)
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Affected
9 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chromium | chromium | >= 0 < 146.0.7680.177-1~deb12u1 | 146.0.7680.177-1~deb12u1 |
| chromium | chromium | >= 0 < 146.0.7680.177-1~deb13u1 | 146.0.7680.177-1~deb13u1 |
| chromium | chromium | >= 0 < 146.0.7680.177-1 | 146.0.7680.177-1 |
| debian | chromium (bookworm) | < 146.0.7680.177-1~deb12u1 | 146.0.7680.177-1~deb12u1 |
| chrome | — | < 146.0.7680.177 | 146.0.7680.177 |
| chrome | — | >= 146.0.7680.178 < 146.0.7680.178 | 146.0.7680.178 |
| chrome_chrome | — | — | — |
| msrc | microsoft_edge | — | — |
| paloalto | prisma_browser | — | — |
Detection & IOCs (extracted from sources)
- Exploitation requires the attacker to have already compromised the renderer process. Monitor for renderer process anomalies (e.g., unexpected child process spawning, memory access violations) as a precursor indicator.
- Google has withheld technical exploitation details and attribution to limit further abuse until patching is widespread. No specific exploit samples, hashes, or C2 infrastructure have been publicly disclosed.
- The fixed versions differ by OS: 146.0.7680.177/178 for Windows and macOS, and 146.0.7680.177 for Linux. Ensure version checks in detection rules account for this platform-specific split.
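The third note above is easy to get wrong in a detection or inventory rule: NVD phrases the flaw as "prior to 146.0.7680.178", but the fixed Chrome release shipped as 146.0.7680.177/178 on Windows and macOS and as 146.0.7680.177 on Linux, so a rule keyed only on the NVD bound flags patched .177 builds as vulnerable. The following is an added example, not code from this page's sources or from any vendor, that compares the naive NVD-bound check with a platform-aware one and also classifies Debian chromium packages by suite using the fixed versions listed in the Debian section of this page. The platform keys (`windows`, `mac`, `linux`), the host names and the inventory lines are constructed for the example; Debian versions are compared on their upstream part only, which is enough here because every fixed package shares upstream 146.0.7680.177.

```python
"""Platform-aware fixed-version check for CVE-2026-5281 (added example)."""
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, ...]

# Bounds taken from this page's advisory text.
# NVD/OSV describe the flaw as "prior to 146.0.7680.178"; the Chrome release
# shipped as 146.0.7680.177/178 (Windows, macOS) and 146.0.7680.177 (Linux),
# so the first fixed build on every platform is .177.
NVD_UPPER_BOUND: Version = (146, 0, 7680, 178)
FIRST_FIXED: Dict[str, Version] = {   # platform keys are this example's choice
    "windows": (146, 0, 7680, 177),
    "mac": (146, 0, 7680, 177),
    "linux": (146, 0, 7680, 177),
}

# Debian fixed package versions from the Debian section of this page.
DEBIAN_FIXED: Dict[str, Optional[str]] = {
    "bookworm": "146.0.7680.177-1~deb12u1",
    "trixie": "146.0.7680.177-1~deb13u1",
    "forky": "146.0.7680.177-1",
    "sid": "146.0.7680.177-1",
    "bullseye": None,  # tracked as "open": no fixed package
}

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Version]:
    """Parse the upstream four-part Chrome version, ignoring a Debian package
    suffix such as '-1~deb12u1'. Returns None when the text is not a version."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    return tuple(int(g) for g in m.groups())


def naive_status(version: str) -> str:
    """Check only against the NVD upper bound (< .178): over-reports on .177."""
    v = parse_version(version)
    if v is None:
        return "unknown"
    return "vulnerable" if v < NVD_UPPER_BOUND else "fixed"


def chrome_status(version: str, platform: str) -> str:
    """Platform-aware check: vulnerable only below the first fixed build."""
    v = parse_version(version)
    fixed = FIRST_FIXED.get(platform.lower())
    if v is None or fixed is None:
        return "unknown"
    return "vulnerable" if v < fixed else "fixed"


def debian_status(package_version: str, suite: str) -> str:
    """Classify a Debian chromium package by suite (upstream part compared)."""
    suite = suite.lower()
    if suite not in DEBIAN_FIXED:
        return "unknown"
    fixed = DEBIAN_FIXED[suite]
    if fixed is None:
        return "open"  # no fix available in this suite
    v, fv = parse_version(package_version), parse_version(fixed)
    if v is None or fv is None:
        return "unknown"
    return "vulnerable" if v < fv else "fixed"


# Constructed inventory (hypothetical hosts) to show where the rules disagree.
INVENTORY = [
    ("host-a", "windows", "146.0.7680.176"),
    ("host-b", "linux", "146.0.7680.177"),
    ("host-c", "mac", "146.0.7680.178"),
]


def triage(inventory=INVENTORY) -> Dict[str, Tuple[str, str]]:
    """Return {host: (naive_status, platform_aware_status)} for each host."""
    return {h: (naive_status(v), chrome_status(v, p)) for h, p, v in inventory}


if __name__ == "__main__":
    for host, (naive, aware) in triage().items():
        flag = "  <- naive NVD-bound rule disagrees" if naive != aware else ""
        print(f"{host}: naive={naive} platform_aware={aware}{flag}")
```

Running the block prints one line per constructed host; `host-b` (Linux at 146.0.7680.177) is the case the note warns about: the naive rule reports it vulnerable while the platform-aware rule correctly reports it fixed.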
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| osv | | 8.8 | HIGH | |
| vulncheck | | 8.8 | HIGH | |
| cisa | | 8.8 | HIGH | |
| vendor_debian | | 8.8 | HIGH | |
| vendor_msrc | | 8.8 | HIGH | |
| vendor_redhat | | 8.8 | HIGH | |
Palo Alto
PAN-SA-2026-0007 Chromium and Prisma Browser: Monthly Vulnerability Update (May 2026)
vendor_paloalto·2026-05-13·CVSS 8.8
CVE-2026-4439 [HIGH] PAN-SA-2026-0007 Chromium and Prisma Browser: Monthly Vulnerability Update (May 2026)
Palo Alto Networks incorporated the following Chromium security fixes into our products:
- https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html
- https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_22.html
- https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html
- https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html
CVE Summary:
- CVE-2026-4439 Out of bounds memory access in WebGL
- CVE-2026-4440 Out of bounds read and write in WebGL
- CVE-2026-4441 Use after free in Base
- CVE-2026-4442 Heap buffer overflow in
Palo Alto
PAN-SA-2026-0004 Chromium: Monthly Vulnerability Update (April 2026)
vendor_paloalto·2026-04-08·CVSS 8.8
[HIGH] PAN-SA-2026-0004 Chromium: Monthly Vulnerability Update (April 2026)
Palo Alto Networks incorporated the following Chromium security fixes into our products:
- https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html
- https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_23.html
- https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html
- https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_13.html
- https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html
- https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html
CVE Summary:
- CVE-2026-2648 Heap buffer overflow in PDFium
- CVE-2026-2649 Integer overflow in V8
- CVE-2026-2650 Heap
Microsoft
Chromium: CVE-2026-5281 Use after free in Dawn
vendor_msrc·2026-04-02·CVSS 8.8
CVE-2026-5281 [HIGH] Chromium: CVE-2026-5281 Use after free in Dawn
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. Google is aware that an exploit for CVE-2026-5281 exists in the wild.
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
CISA
Google Dawn Use-After-Free Vulnerability
cisa·2026-04-01·CVSS 8.8
CVE-2026-5281 [HIGH] CWE-416 Google Dawn Use-After-Free Vulnerability
Vulnerability: Google Dawn Use-After-Free Vulnerability
Affected: Google Dawn
Google Dawn contains a use-after-free vulnerability that could allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. This vulnerability could affect multiple Chromium-based products including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes: This vulnerability affects an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://chromerelease
Chrome
Stable Channel Update for Desktop: CVE-2026-5281
vendor_chrome·2026-03-31·CVSS 8.8
CVE-2026-5281 [HIGH] Stable Channel Update for Desktop: CVE-2026-5281
- CVE-2026-5281: Use after free in Dawn. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-10
- [TBD][491655161] High CVE-2026-5282: Out of bounds read in WebCodecs. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-11
- [TBD][492131521] High CVE-2026-5283: Inappropriate implementation in ANGLE
Severity: high
Red Hat
chromium-browser: Use after free in Dawn
vendor_redhat·2026-03-31·CVSS 8.8
CVE-2026-5281 [HIGH] CWE-825 chromium-browser: Use after free in Dawn
A use-after-free flaw was found in the Dawn component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=491518608
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Debian
CVE-2026-5281: chromium - Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote...
vendor_debian·2026·CVSS 8.8
CVE-2026-5281 [HIGH] CVE-2026-5281: chromium - Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote...
Scope: local
bookworm: resolved (fixed in 146.0.7680.177-1~deb12u1)
bullseye: open
forky: resolved (fixed in 146.0.7680.177-1)
sid: resolved (fixed in 146.0.7680.177-1)
trixie: resolved (fixed in 146.0.7680.177-1~deb13u1)
OSV
CVE-2026-5281: Use after free in Dawn in Google Chrome prior to 146
osv·2026-04-01·CVSS 8.8
CVE-2026-5281 [HIGH] CVE-2026-5281: Use after free in Dawn in Google Chrome prior to 146
GHSA
GHSA-xf76-839h-pfpm: Use after free in Dawn in Google Chrome prior to 146
ghsa_unreviewed·2026-04-01
CVE-2026-5281 [HIGH] CWE-416 GHSA-xf76-839h-pfpm: Use after free in Dawn in Google Chrome prior to 146
VulnCheck
Google Dawn Use-After-Free Vulnerability
vulncheck·2026·CVSS 8.8
CVE-2026-5281 [HIGH] CWE-416 Google Dawn Use-After-Free Vulnerability
Google Dawn contains a use-after-free vulnerability that could allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. This vulnerability could affect multiple Chromium-based products including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Affected: Google Dawn
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html; https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://www.cisa.gov/sites/d
No detection rules found.
No public exploits indexed.
Hackernews
⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More
blogs_hackernews·2026-06-15·CVSS 8.8
CVE-2026-11645 [HIGH] ⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More
## ⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More
Stuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused. A deprecated feature was still running in prod.
This week is the same lesson in a new form: phishing kits are easier to rent, AI names are useful bait, old login paths still fail, and forgotten software keeps becoming someone else's entry point.
Scroll through the full Monday Cybersecurity Recap below for the news, tools, webinars, and fixes worth your time this week.
## ⚡ Threat of the Week
Google Patches Actively Exploited Chrome 0-Day - G
Bleepingcomputer
Google patches new Chrome zero-day flaw exploited in the wild
blogs_bleepingcomputer·2026-06-09·CVSS 8.8
CVE-2026-11645 [HIGH] Google patches new Chrome zero-day flaw exploited in the wild
## Google patches new Chrome zero-day flaw exploited in the wild
By Sergiu Gatlan
While Google says the security update could take days or weeks to reach all Chrome users, the update was available immediately when BleepingComputer checked for updates earlier today.
Users who prefer not to manually update their web browser can rely on Chrome to automatically check for updates and install them during the next launch.
This high-severity zero-day vulnerability (CVE-2026-11645) stems from an out-of-bounds read and write weakness in the Chrome V8 JavaScript engine, which remote attackers can exploit via crafted HTML pages to execute arbitrary code inside the web browser's sandbox.
Successful exploitation enables them to access data beyond the memory buffer via heap corruption, exposing s
Hackernews
Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now
blogs_hackernews·2026-06-09·CVSS 8.8
CVE-2026-11645 [HIGH] Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now
## Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now
Google has released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild.
The high-severity vulnerability, tracked as CVE-2026-11645 (CVSS score: 8.8), has been described as an out-of-bounds memory access in V8, Chrome's JavaScript and WebAssembly engine.
"Out-of-bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page," reads a description of the flaw in the NIST's National Vulnerability Datab
Krebs
Patch Tuesday, April 2026 Edition
blogs_krebs·2026-04-14·CVSS 6.5
CVE-2026-3220 [MEDIUM] Patch Tuesday, April 2026 Edition
Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dubbed “BlueHammer.” Separately, Google Chrome fixed its fourth zero-day of 2026, and an emergency update for Adobe Reader nixes an actively exploited flaw that can lead to remote code execution.
Redmond warns that attackers are already targeting CVE-2026-32201, a vulnerability in Microsoft SharePoint Server that allows attackers to spoof trusted content or interfaces over a network.
Mike Walters, president and co-founder of Action1, said CVE-2026-32201 can be used to deceive employees, partners, or customers by presenting falsified information withi
Sans Isc
Microsoft Patch Tuesday April 2026., (Tue, Apr 14th)
blogs_sans_isc·2026-04-14·CVSS 8.8
[HIGH] Microsoft Patch Tuesday April 2026., (Tue, Apr 14th)
Published: 2026-04-14. Last Updated: 2026-04-14 17:46:09 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)
This month's Microsoft Patch Tuesday looks like a record one, but let's look at it a bit closer to understand what is happening.
The update patches a total of 243 vulnerabilities. However, 78 of them are Chromium issues affecting Microsoft Edge. Patches for Edge were released earlier. This leaves 165 vulnerabilities that are not Edge-related. Of these, 8 are rated critical, and 154 are important. One vulnerability has already been exploited, and another was made public before today but has not yet been seen in the wild.
Noteworthy Vulnerabilities:
CVE-2026-33827 (Windows TCP/IP Remote Code Execution Vulnerability): As a packet nerd, I love thes
Hackernews
⚡ Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More
blogs_hackernews·2026-04-06
## ⚡ Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More
This week had real hits. The key software got tampered with. Active bugs showed up in the tools people use every day. Some attacks didn’t even need much effort because the path was already there.
One weak spot now spreads wider than before. What starts small can reach a lot of systems fast. New bugs, faster use, less time to react.
That’s this week. Read through it.
## ⚡ Threat of the Week
Axios npm Package Compromised by N. Korean Hackers — Threat actors with ties to North Korea seized control of the npm account belonging to the lead m
Checkpoint
6th April – Threat Intelligence Report
blogs_checkpoint·2026-04-06
CVE-2026-20093 6th April – Threat Intelligence Report
## 6th April – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 30th March, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
The European Commission, the European Union’s executive body, has confirmed a data breach after its Europa.eu platform was compromised through a third-party exchange linked to the Trivy supply chain attack. The incident affected at least one Amazon Web Services account and resulted in data theft, while websites and internal sys
Sentinelone
The Good, the Bad and the Ugly in Cybersecurity – Week 14
blogs_sentinelone·2026-04-03
## The Good | SentinelOne AI EDR Stops LiteLLM Supply Chain Attack in Real Time
This week, SentinelOne demonstrated how autonomous, AI-driven endpoint protection can detect and stop sophisticated supply chain attacks in real time, without human intervention. On the same day the attack was launched, Singularity Platform identified and blocked a trojanized version of LiteLLM, an increasingly popular proxy for LLM API calls, before it could execute across multiple customer environments. The compromise had occurred only hours earlier, yet the platform prevented execution instantly, without requiring analyst input, signatures, or manual triage.
The attack itself followed a multi-stage, fast-moving pattern that is designed to evade traditional detection and manual workflows. Originating from
Hackernews
New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released
blogs_hackernews·2026-04-01·CVSS 8.8
CVE-2026-5281 [HIGH] New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released
## New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released
Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been exploited in the wild.
The high-severity vulnerability, CVE-2026-5281 (CVSS score: N/A), concerns a use-after-free bug in Dawn, an open-source and cross-platform implementation of the WebGPU standard.
"Use-after-free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page," according to a de
Wiz
CVE-2026-5281 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-5281 [HIGH] CVE-2026-5281 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5281: vulnerability analysis and mitigation
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Source: NVD
Score: 8.8
Published: April 1, 2026
Severity: HIGH
CNA Score: 8.8
Has Public Exploit: Yes
Has CISA KEV Exploit: Yes
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 87.1
Exploitation Probability (EPSS): 3.3
Affected packages and libraries
cpe:2.3:a:google:chrome
chromium-debuginfo
Sources
- Debian 11 · Severity HIGH · No fix · Added at: Apr 02, 2026
- Debian 12, 13, 14 · Severity HIGH · Has fix · Added at: Apr 02, 2026
- Echo · Severity HIGH · Has fix · Added at: Apr 02,
Bugzilla
CVE-2026-5281 chromium: Use after free in Dawn [epel-all]
bugzilla·2026-04-01·CVSS 8.8
CVE-2026-5281 [HIGH] CVE-2026-5281 chromium: Use after free in Dawn [epel-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
It's fixed in https://bodhi.fedoraproject.org/updates/?search=chromium-146.0.7680.177
Bugzilla
CVE-2026-5281 chromium: Use after free in Dawn [fedora-all]
bugzilla·2026-04-01·CVSS 8.8
CVE-2026-5281 [HIGH] CVE-2026-5281 chromium: Use after free in Dawn [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
It's fixed in https://bodhi.fedoraproject.org/updates/?search=chromium-146.0.7680.177
Timeline:
- 2026-04-01: Published
- 2026-04-01: Added to CISA KEV
- Exploited in the wild