
New Chrome Zero-Day Vulnerability Actively Exploited in Attacks — Patch Now - CyberSecurityNews

CyberSecurityNews, archived Apr 01, 2026



Google has released an emergency security update for its Chrome browser, patching a zero-day vulnerability that is already being actively exploited in the wild. The Stable channel has been updated to version 146.0.7680.177/178 for Windows and Mac, and 146.0.7680.177 for Linux, with the rollout expected to reach all users over the coming days and weeks.

The actively exploited vulnerability, tracked as CVE-2026-5281, is a use-after-free vulnerability in Dawn, Chrome’s cross-platform GPU abstraction layer used to implement WebGPU. Use-after-free bugs occur when a program continues to reference freed memory, potentially allowing attackers to execute arbitrary code or escape the browser sandbox.

Google has officially confirmed active exploitation, stating it “is aware that an exploit for CVE-2026-5281 exists in the wild.” The flaw was discovered and reported by an anonymous researcher on March 10, 2026. Vulnerability details and technical specifics remain restricted until a majority of users have received the patch, a standard practice Google follows to limit exploit replication.

Patch for 21 Security Vulnerabilities

Beyond the zero-day, this update delivers a sweeping set of 21 security fixes, an unusually large batch that signals significant internal security activity. Of those, 19 are rated High severity and span a wide range of Chrome subsystems.

Notable vulnerabilities patched in this release include:

CVE-2026-5273 — Use after free in CSS (reported March 18)
CVE-2026-5272 — Heap buffer overflow in GPU (reported March 11)
CVE-2026-5274 — Integer overflow in Codecs (reported March 1)
CVE-2026-5275 — Heap buffer overflow in ANGLE (reported March 4)
CVE-2026-5276 — Insufficient policy enforcement in WebUSB (reported March 4)
CVE-2026-5278 — Use after free in Web MIDI (reported March 6)
CVE-2026-5279 — Object corruption in V8 (reported March 8)
CVE-2026-5280 — Use after free in WebCodecs (reported March 11)
CVE-2026-5284 — Use after free in Dawn (reported March 12)
CVE-2026-5285 — Use after free in WebGL (reported March 13)
CVE-2026-5287 — Use after free in PDF (reported March 21)
CVE-2026-5288 — Use after free in WebView (reported by Google, March 23)
CVE-2026-5289 — Use after free in Navigation (reported by Google, March 25)
CVE-2026-5290 — Use after free in Compositing (reported by Google, March 25)

The sheer concentration of use-after-free bugs spanning Dawn, WebGL, WebCodecs, Web MIDI, WebView, Navigation, and Compositing highlights ongoing memory safety challenges in browser rendering pipelines. Three of the high-severity patches were reported directly by Google’s internal security teams, suggesting some were identified through proactive threat hunting rather than external disclosure.

All Chrome users running versions prior to 146.0.7680.177 on Linux or 146.0.7680.178 on Windows and Mac are potentially exposed. Given the confirmed in-the-wild exploitation of CVE-2026-5281, enterprise users and security teams should treat this update as a critical priority patch.

To update Chrome immediately, navigate to Menu (⋮) → Help → About Google Chrome. The browser will automatically check for and apply the latest update, then prompt a restart to complete the process. Organizations managing Chrome deployments via policy should push the update through their endpoint management platforms without delay.
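For teams that need to find unpatched installations, the following is an added example (not code from the article or from Google) that checks an endpoint inventory against the per-platform builds named in the article's "prior to" statement. The CSV layout (host, platform, chrome_version), the function names and the sample rows are assumptions made for illustration.

```python
import csv
import io

# Minimum patched build per platform, from the article's "prior to" statement.
FIXED = {
    "linux": (146, 0, 7680, 177),
    "windows": (146, 0, 7680, 178),
    "mac": (146, 0, 7680, 178),
}

def parse_version(text):
    """Turn '146.0.7680.98' into (146, 0, 7680, 98); None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(platform, version_text):
    """Return 'patched', 'exposed' or 'unknown' for one installation."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # never report an unparsable row as safe
    # Tuples compare numerically per component, so .98 sorts below .177
    # (a plain string comparison would get this wrong).
    return "patched" if version >= fixed else "exposed"

def audit(inventory_csv):
    """Map host -> status for a CSV with host,platform,chrome_version columns."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["platform"], r["chrome_version"]) for r in reader}

# Constructed sample inventory; hosts and versions are invented for illustration.
SAMPLE = """host,platform,chrome_version
ws-001,windows,146.0.7680.178
ws-002,windows,146.0.7680.177
mb-003,mac,146.0.7680.98
lx-004,linux,146.0.7680.177
lx-005,linux,145.0.7632.160
kiosk-006,chromeos,146.0.7680.177
ws-007,windows,unknown
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Rows reported as "unknown" (unlisted platform or unreadable version) need manual follow-up rather than being counted as patched.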
Published by Guru Baran, Co-Founder and Editor-in-Chief of CyberSecurityNews.com.
Source: CyberSecurityNews
Category: Vulnerabilities & CVEs
Published: Apr 01, 2026
Archived: Apr 01, 2026