Google Warns of New Chrome Zero-Day Under Active Exploitation – Users Urged to Update Immediately - gbhackers.com

ChromeCVE/vulnerabilityCyber Security News 2 min.Read Google Warns of New Chrome Zero-Day Under Active Exploitation – Users Urged to Update Immediately By Divya April 1, 2026 Share Facebook Twitter Pinterest WhatsApp Google has released an urgent security update for its Chrome desktop browser to address 21 vulnerabilities, including a critical zero-day flaw that is actively being exploited in the wild. Users are strongly urged to update their browsers immediately to version 146.0.7680.177/.178 for Windows and Mac, or 146.0.7680.177 for Linux . Active Zero-Day Threat The most severe vulnerability patched in this release is CVE-2026-5281, a high-severity “use after free” memory flaw located within the Dawn component. Google has explicitly confirmed that an exploit for this specific vulnerability exists in the wild, indicating that threat actors are actively leveraging it in targeted attack campaigns. This type of memory corruption bug typically allows attackers to execute malicious code or trigger system crashes when a victim visits a compromised website. Alongside the urgent zero-day patch, Google resolved 20 other security flaws reported by external researchers and internal teams. The majority of these are high-severity memory safety issues, including multiple heap buffer overflows and use-after-free bugs across essential browser components like WebCodecs, ANGLE, and the V8 JavaScript engine. Google notes that these fixes were facilitated by advanced internal testing frameworks, such as AddressSanitizer and MemorySanitizer, which help catch severe flaws before they reach the stable channel. To assist security teams and administrators in tracking the latest patches, below is the complete list of all 21 disclosed CVEs addressed in this Chrome update. CVE ID Severity Description Reporter CVE-2026-5272 High Heap buffer overflow in GPU inspector-ambitious CVE-2026-5273 High Use after free in CSS Anonymous CVE-2026-5274 High Integer overflow in Codecs heapracer CVE-2026-5275 High Heap buffer overflow in ANGLE c6eed09fc8b174b0f3eebedcceb1e792 CVE-2026-5276 High Insufficient policy enforcement in WebUSB Ariel Simon CVE-2026-5277 High Integer overflow in ANGLE c6eed09fc8b174b0f3eebedcceb1e792 CVE-2026-5278 High Use after free in Web MIDI c6eed09fc8b174b0f3eebedcceb1e792 CVE-2026-5279 High Object corruption in V8 Hyeonjun Ahn CVE-2026-5280 High Use after free in WebCodecs heapracer CVE-2026-5281 High Use after free in Dawn 86ac1f1587b71893ed2ad792cd7dde32 CVE-2026-5282 High Out of bounds read in WebCodecs c6eed09fc8b174b0f3eebedcceb1e792 CVE-2026-5283 High Inappropriate implementation in ANGLE sweetchip CVE-2026-5284 High Use after free in Dawn 86ac1f1587b71893ed2ad792cd7dde32 CVE-2026-5285 High Use after free in WebGL c6eed09fc8b174b0f3eebedcceb1e792 CVE-2026-5286 High Use after free in Dawn sweetchip CVE-2026-5287 High Use after free in PDF Syn4pse CVE-2026-5288 High Use after free in WebView Google CVE-2026-5289 High Use after free in Navigation Google CVE-2026-5290 High Use after free in Compositing Google CVE-2026-5291 Medium Inappropriate implementation in WebGL heapracer CVE-2026-5292 Medium Out of bounds read in WebCodecs Google Chrome users are strongly advised to manually check for updates by navigating to their browser settings menu immediately. Organizations and security teams relying on Chrome-based platforms should prioritize deploying this patch across their environments to safeguard against remote code execution attempts. The browser will automatically apply the fix upon restarting, effectively closing the window of opportunity for threat actors. Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google. Tags cyber security Cyber Security News google Vulnerability Divya Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world. Hot this week Infosec- Resources How To Access Dark Web Anonymously and know its Secretive and Mysterious Activities June 4, 2023 1 What is Deep Web The deep web, invisible web, or... SOC Architecture How to Build and Run a Security Operations Center (SOC Guide) – 2023 June 3, 2023 12 Today’s Cyber security operations center (CSOC) should have everything... Cyber Security News Network Penetration Testing Checklist – 2025 March 2, 2025 0 Network penetration testing is a cybersecurity practice that simulates... Cyber Security News Russian Hackers Bypass EDR to Deliver a Weaponized TeamViewer Component October 18, 2023 0 TeamViewer's popularity and remote access capabilities make it an... Checklist Web Server Penetration Testing Checklist – 2026 January 6, 2026 0 Web server pentesting is performed under three significant categories: identity,... Topics AcquisitionAdobeAdwareAIAmazonAmazon AWSAMDAndroidAnti VirusAntimalwareAntispoofingANY RUNApacheAPIAppleAPTArtificial IntelligenceAvastAWSAzureBackdoorBitcoinBluetoothBotnetBrowserBuffer over flowBug BountyBusinessChatbotsChatGPTChecklistChromeCiscoCISOCISO AdvisoryCloudCloud SecurityCloudflareComputer SecurityCourseCPUCross site ScriptingcryptocurrencyCryptocurrency hackCVE/vulnerabilityCyber AdvisoryCyber AICyber AttackCyber Crimecyber securityCyber security CourseCyber Security NewsCyber Security ResourcesDark WebData BreachData GovernanceDDOSDealsDeepSeekDiscordDNSDos AttackDriveDropboxEducationEmailEmail SecurityEthical HackingExploitExploitation ToolsExtratorrentsFACEBOOKFeaturedFirefoxFirefox NewsFirewallForensics ToolsgameGenAIGitHubGitLabGmailGoogleGoogle dorksGovernanceGRCHacking BooksHacksHardware HackingHBOHTMLHTTPIBMIISIncident ResponseInformation GatheringInformation Security RisksInfosec- ResourcesInsider ThreatsInstagramMore cyber security Akira-Style Ransomware Campaign Hits Windows Users Across South America 0 A newly identified ransomware campaign is targeting Windows users... Cyber Security News Iranian Hacker Group Handal Claims Breach of Israeli Defense Firm 0 The international cybersecurity community was alerted to a major... cyber security Fake CERT-UA Site Spreads Go-Based RAT in Phishing Campaign 0 cyber security RFQ Malware Campaign Uses DOCX, RTF, JS, and Python 0 Hackers are abusing DOCX, RTF, JavaScript, PowerShell, and Python... Android NoVoice on Google Play Exploits 22 Flaws to Hit Millions of Android Users 0 NoVoice is a new Android rootkit campaign that hid... Chrome CISA Issues Alert on Chrome Zero-Day Under Active Exploitation 0 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has... Apple Apple Releases iOS 18.7.7 Update to Defend Against DarkSword Exploit 0 Apple has officially expanded the rollout of iOS 18.7.7... cyber security Axios npm Supply Chain Breach: Microsoft Shares Mitigation Steps 0 Microsoft has detailed how organizations can detect and mitigate... Related Articles Akira-Style Ransomware Campaign Hits Windows Users Across South America cyber security April 2, 2026 Iranian Hacker Group Handal Claims Breach of Israeli Defense Firm Cyber Security News April 2, 2026 Fake CERT-UA Site Spreads Go-Based RAT in Phishing Campaign cyber security April 2, 2026 RFQ Malware Campaign Uses DOCX, RTF, JS, and Python cyber security April 2, 2026 NoVoice on Google Play Exploits 22 Flaws to Hit Millions of Android Users Android April 2, 2026 Recent News Akira-Style Ransomware Campaign Hits Windows Users Across South America Mayura Kathir - April 2, 2026 Iranian Hacker Group Handal Claims Breach of Israeli Defense Firm Divya - April 2, 2026 Fake CERT-UA Site Spreads Go-Based RAT in Phishing Campaign Mayura Kathir - April 2, 2026 RFQ Malware Campaign Uses DOCX, RTF, JS, and Python Mayura Kathir - April 2, 2026 NoVoice on Google Play Exploits 22 Flaws to Hit Millions of Android Users Mayura Kathir - April 2, 2026 CISA Issues Alert on Chrome Zero-Day Under Active Exploitation Divya - April 2, 2026