New Chrome Zero-Day Vulnerability Under Active Exploitation – Patch Now - cyberpress.org

New Chrome Zero-Day Vulnerability Under Active Exploitation – Patch Now By AnuPriya April 1, 2026 Categories: Cyber Security NewsCybersecurity Google has pushed an urgent security update for its Chrome desktop browser to fix 21 vulnerabilities, including a critical zero-day flaw that is already being actively exploited in the wild. All Chrome users are strongly urged to update immediately. Targeted Version The patched version is 146.0.7680.177/.178 for Windows and Mac, and 146.0.7680.177 for Linux. Users can update by navigating to Chrome Menu → Help → About Google Chrome, where the browser will automatically download and apply the fix upon restart. The most dangerous flaw patched in this release is CVE-2026-5281, a high-severity “use after free” memory corruption bug found in Chrome’s Dawn graphics component. Google has officially confirmed that an active exploit exists in the wild, meaning threat actors are already using it in targeted attack campaigns. Use-after-free bugs occur when a program continues to use a memory pointer after that memory has been freed. Attackers can exploit this to execute arbitrary malicious code or trigger system crashes, often simply by luring a victim to visit a compromised or malicious website. 20 Additional High-Severity Fixes Alongside the zero-day, Google patched 20 other vulnerabilities reported by external security researchers and internal teams. The majority are high-severity memory safety issues, including: Heap buffer overflows in GPU and ANGLE Use-after-free bugs in CSS, Web MIDI, WebCodecs, WebGL, Dawn, PDF, WebView, Navigation, and Compositing Integer overflows in Codecs and ANGLE Object corruption in the V8 JavaScript engine Out-of-bounds reads in WebCodecs Insufficient policy enforcement in WebUSB These fixes were aided by Google’s internal testing tools AddressSanitizer and MemorySanitizer, which detect memory corruption vulnerabilities before they reach stable releases. CVE ID Severity Component Issue Type CVE-2026-5272 High GPU Heap buffer overflow CVE-2026-5273 High CSS Use after free CVE-2026-5274 High Codecs Integer overflow CVE-2026-5275 High ANGLE Heap buffer overflow CVE-2026-5276 High WebUSB Insufficient policy enforcement CVE-2026-5277 High ANGLE Integer overflow CVE-2026-5278 High Web MIDI Use after free CVE-2026-5279 High V8 Object corruption CVE-2026-5280 High WebCodecs Use after free CVE-2026-5281 High Dawn Use after free (Zero-Day) CVE-2026-5282 High WebCodecs Out of bounds read CVE-2026-5283 High ANGLE Inappropriate implementation CVE-2026-5284 High Dawn Use after free CVE-2026-5285 High WebGL Use after free CVE-2026-5286 High Dawn Use after free CVE-2026-5287 High PDF Use after free CVE-2026-5288 High WebView Use after free CVE-2026-5289 High Navigation Use after free CVE-2026-5290 High Compositing Use after free CVE-2026-5291 Medium WebGL Inappropriate implementation CVE-2026-5292 Medium WebCodecs Out of bounds read Security teams and enterprise administrators should prioritize deploying this patch across all Chrome-based environments immediately to block remote code execution attempts. The browser will automatically apply the update upon a simple restart, effectively closing the exploitation window for attackers. Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google Share Facebook Twitter Pinterest WhatsApp AnuPriya Any Priya is a cybersecurity reporter at Cyber Press, specializing in cyber attacks, dark web monitoring, data breaches, vulnerabilities, and malware. She delivers in-depth analysis on emerging threats and digital security trends. Recent Articles New Cisco Network Flaw Lets Remote Attackers Trigger DoS Attacks Cyber Security News May 7, 2026 28 Fake Call History Apps Hit 7.3M Downloads On Google Play Android May 7, 2026 Critical WatchGuard Agent Flaws Allow Attackers to Gain Full SYSTEM Privileges Cyber Security News May 7, 2026 Critical Redis Vulnerabilities Enable Remote Code Execution Attacks Cyber Security News May 7, 2026 Critical Palo Alto Networks PAN-OS Vulnerability Exploited to Gain Root Access Cyber Security News May 7, 2026 Related Stories Cyber Security News New Cisco Network Flaw Lets Remote Attackers Trigger DoS Attacks AnuPriya - May 7, 2026 Android 28 Fake Call History Apps Hit 7.3M Downloads On Google Play Varshini - May 7, 2026 Cyber Security News Critical WatchGuard Agent Flaws Allow Attackers to Gain Full SYSTEM Privileges AnuPriya - May 7, 2026 Cyber Security News Critical Redis Vulnerabilities Enable Remote Code Execution Attacks AnuPriya - May 7, 2026 Cyber Security News Critical Palo Alto Networks PAN-OS Vulnerability Exploited to Gain Root Access AnuPriya - May 7, 2026 Cyber Security News Anthropic Partners With SpaceX to Expand Compute Capacity AnuPriya - May 7, 2026 LEAVE A REPLY Comment: Name:* Email:* Website: