New Chrome Zero-Day Vulnerability Under Active Exploitation – Patch Now - cyberpress.org

New Chrome Zero-Day Vulnerability Under Active Exploitation – Patch Now By AnuPriya April 1, 2026 Categories: Cyber Security NewsCybersecurity Google has pushed an urgent security update for its Chrome desktop browser to fix 21 vulnerabilities, including a critical zero-day flaw that is already being actively exploited in the wild. All Chrome users are strongly urged to update immediately. Targeted Version The patched version is 146.0.7680.177/.178 for Windows and Mac, and 146.0.7680.177 for Linux. Users can update by navigating to Chrome Menu → Help → About Google Chrome, where the browser will automatically download and apply the fix upon restart. The most dangerous flaw patched in this release is CVE-2026-5281, a high-severity “use after free” memory corruption bug found in Chrome’s Dawn graphics component. Google has officially confirmed that an active exploit exists in the wild, meaning threat actors are already using it in targeted attack campaigns. Use-after-free bugs occur when a program continues to use a memory pointer after that memory has been freed. Attackers can exploit this to execute arbitrary malicious code or trigger system crashes, often simply by luring a victim to visit a compromised or malicious website. 20 Additional High-Severity Fixes Alongside the zero-day, Google patched 20 other vulnerabilities reported by external security researchers and internal teams. The majority are high-severity memory safety issues, including: Heap buffer overflows in GPU and ANGLE Use-after-free bugs in CSS, Web MIDI, WebCodecs, WebGL, Dawn, PDF, WebView, Navigation, and Compositing Integer overflows in Codecs and ANGLE Object corruption in the V8 JavaScript engine Out-of-bounds reads in WebCodecs Insufficient policy enforcement in WebUSB These fixes were aided by Google’s internal testing tools AddressSanitizer and MemorySanitizer, which detect memory corruption vulnerabilities before they reach stable releases. CVE ID Severity Component Issue Type CVE-2026-5272 High GPU Heap buffer overflow CVE-2026-5273 High CSS Use after free CVE-2026-5274 High Codecs Integer overflow CVE-2026-5275 High ANGLE Heap buffer overflow CVE-2026-5276 High WebUSB Insufficient policy enforcement CVE-2026-5277 High ANGLE Integer overflow CVE-2026-5278 High Web MIDI Use after free CVE-2026-5279 High V8 Object corruption CVE-2026-5280 High WebCodecs Use after free CVE-2026-5281 High Dawn Use after free (Zero-Day) CVE-2026-5282 High WebCodecs Out of bounds read CVE-2026-5283 High ANGLE Inappropriate implementation CVE-2026-5284 High Dawn Use after free CVE-2026-5285 High WebGL Use after free CVE-2026-5286 High Dawn Use after free CVE-2026-5287 High PDF Use after free CVE-2026-5288 High WebView Use after free CVE-2026-5289 High Navigation Use after free CVE-2026-5290 High Compositing Use after free CVE-2026-5291 Medium WebGL Inappropriate implementation CVE-2026-5292 Medium WebCodecs Out of bounds read Security teams and enterprise administrators should prioritize deploying this patch across all Chrome-based environments immediately to block remote code execution attempts. The browser will automatically apply the update upon a simple restart, effectively closing the exploitation window for attackers. Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google Share Facebook Twitter Pinterest WhatsApp AnuPriya Any Priya is a cybersecurity reporter at Cyber Press, specializing in cyber attacks, dark web monitoring, data breaches, vulnerabilities, and malware. She delivers in-depth analysis on emerging threats and digital security trends. Recent Articles Microsoft to Remove EXIF Data from Images Shared on Teams Cyber Security News April 1, 2026 Cisco Source Code and Data Leak Allegedly Claimed by ShinyHunters Cyber Security News April 1, 2026 Public PoC Exploit Released for nginx-ui Backup Restore Vulnerability Cyber Security News April 1, 2026 New CrySome RAT Malware Features AV Killer and HVNC Modules Cyber Security News April 1, 2026 ClickFix Campaign Abuses Rundll32 and WebDAV To Bypass PowerShell Defenses Cyber Security News April 1, 2026 Related Stories Cyber Security News Microsoft to Remove EXIF Data from Images Shared on Teams AnuPriya - April 1, 2026 Cyber Security News Cisco Source Code and Data Leak Allegedly Claimed by ShinyHunters AnuPriya - April 1, 2026 Cyber Security News Public PoC Exploit Released for nginx-ui Backup Restore Vulnerability AnuPriya - April 1, 2026 Cyber Security News New CrySome RAT Malware Features AV Killer and HVNC Modules Varshini - April 1, 2026 Cyber Security News ClickFix Campaign Abuses Rundll32 and WebDAV To Bypass PowerShell Defenses Varshini - April 1, 2026 APT TA446 Hackers Launch DarkSword Attacks On iOS Devices Varshini - April 1, 2026 LEAVE A REPLY Comment: Name:* Email:* Website: