Google patches fourth Chrome zero-day of 2026 - WebGPU flaw exploited in the wild (CVE-2026-5281)
Google pushed an emergency Chrome update to fix a use-after-free bug in Dawn, the engine behind Chrome's implementation of the WebGPU graphics standard. CVE-2026-5281 is already being exploited - an attacker who has compromised the browser's renderer process can use a crafted HTML page to execute arbitrary code, potentially escaping Chrome's sandbox. This is the fourth actively exploited Chrome zero-day in 2026, and the third targeting graphics or rendering subsystems. CISA added it to the KEV catalog with an April 15 deadline.
- Check: Update Chrome immediately on all managed endpoints. Also check Edge, Brave, Opera, and Vivaldi - they share the same Chromium codebase.
- Affected: Google Chrome prior to 146.0.7680.177/178 (Windows/macOS) or 146.0.7680.177 (Linux). All Chromium-based browsers are affected.
- Fix: Update Chrome to 146.0.7680.177/178. Verify auto-update is enabled and not blocked by group policy. Push updates via enterprise management tools. Apply Chromium-based browser patches from Microsoft, Brave, and others as they release.
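A fleet check for the "Affected" and "Fix" items above, as an added example that is not part of the original advisory: it compares Chrome versions from an inventory export against the fixed build 146.0.7680.177. The CSV layout, host names, sample versions and status labels are assumptions; other Chromium-based browsers are only flagged for a vendor check because the advisory gives no fixed versions for them.

```python
import re

# Fixed build from the advisory; .177 and .178 both carry the fix.
FIXED_CHROME = (146, 0, 7680, 177)
# Chromium-based browsers named in the advisory (no fixed versions given there).
CHROMIUM_FORKS = {"edge", "brave", "opera", "vivaldi"}

# Constructed sample inventory (assumed columns: host, os, browser, version).
SAMPLE_INVENTORY = """\
ws-001,windows,chrome,146.0.7680.178
ws-002,macos,chrome,146.0.7680.165
lx-003,linux,chrome,146.0.7680.177
ws-004,windows,edge,146.0.3856.62
ws-005,windows,chrome,145.0.7632.117
lx-006,linux,chrome,unknown
"""

def parse_version(text):
    """Return a 4-int tuple for a dotted Chrome version, or None if malformed."""
    if not re.fullmatch(r"\d+(\.\d+){3}", text.strip(), flags=re.ASCII):
        return None
    return tuple(int(part) for part in text.strip().split("."))

def classify(browser, version):
    """Map one inventory row to a triage status."""
    browser = browser.strip().lower()
    if browser in CHROMIUM_FORKS:
        return "check-vendor"      # affected codebase, vendor-specific fix version
    if browser != "chrome":
        return "other"
    parsed = parse_version(version)
    if parsed is None:
        return "unknown-version"   # treat as unpatched until re-inventoried
    # Tuple comparison is numeric per component, so .99 < .177 < .1000.
    return "patched" if parsed >= FIXED_CHROME else "vulnerable"

def triage(inventory_csv):
    """Return {host: status} for every non-empty inventory line."""
    results = {}
    for line in inventory_csv.splitlines():
        if line.strip():
            host, _os, browser, version = (f.strip() for f in line.split(","))
            results[host] = classify(browser, version)
    return results

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}\t{status}")
```

Hosts reported as `unknown-version` belong in the same remediation queue as `vulnerable` ones until their version is confirmed.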