Google fixes fourth Chrome zero-day exploited in attacks in 2026

Key Points:

• Google released an emergency update to fix a fourth actively exploited Chrome zero-day vulnerability this year, identified as CVE-2026-5281, related to a use-after-free flaw in Dawn, the WebGPU implementation in Chromium.
• The vulnerability can cause browser crashes, data corruption, rendering issues, or other abnormal behaviors, and Google confirmed that threat actors have been exploiting it in the wild.
• The update is available for Windows, macOS (versions 146.0.7680.177/178), and Linux (146.0.7680.177) users in the Stable Desktop channel, with automatic updates rolling out over days or weeks.
• Google has previously patched three other zero-day Chrome vulnerabilities this year, including bugs in CSSFontFeatureValuesMap, the Skia 2D graphics library, and the V8 JavaScript and WebAssembly engine, all of which were actively exploited.
• Details about the exploits remain restricted to protect users until most have updated, and Google encourages users to update Chrome promptly to mitigate risks.