Overview
- Google released Stable updates to Chrome 146.0.7680.177/178 on Windows, macOS, and Linux to fix CVE-2026-5281, which the company confirmed is being exploited in the wild.
- The bug is a use‑after‑free in Dawn, Chromium’s implementation of the WebGPU graphics and compute API, and it can enable code execution after a renderer compromise triggered by a crafted web page.
- Google is limiting technical details until most users receive the patch, so users should check for the update and restart the browser to apply protections.
- Chromium-based vendors are following suit, with Vivaldi shipping the fix and Microsoft preparing an Edge update while other browsers such as Brave and Opera are expected to roll out patches.
- This marks the fourth actively exploited Chrome zero‑day patched in 2026 and arrives in a batch that fixes 21 flaws, with credit for CVE-2026-5281 going to the pseudonymous researcher 86ac1f1587b71893ed2ad792cd7dde32.