CRITICALZero Day
Global

New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released

Wednesday, April 1, 2026 at 11:42 AM UTC·Source: The Hacker News

Updated: Wednesday, April 1, 2026 at 07:13 PM UTC

Executive Summary

Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been exploited in the wild. The high-severity vulnerability, CVE-2026-5281 (CVSS score: N/A), concerns a use-after-free bug in Dawn, an open-source and cross-platform implementation of the WebGPU standard. "Use-after-free in Dawn in Google Chrome prior

Analysis

Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been exploited in the wild. The high-severity vulnerability, CVE-2026-5281 (CVSS score: N/A), concerns a use-after-free bug in Dawn, an open-source and cross-platform implementation of the WebGPU standard. "Use-after-free in Dawn in Google Chrome prior

Indicators of Compromise (1)

CVE (1)
CVE-2026-5281
NVDMITRE CVE
Source Attribution

Originally published by The Hacker News on Apr 1, 2026.

Related Threats

LOWZero Day

EvilTokens abuses Microsoft device code flow for account takeovers

A new phishing-as-a-service (PhaaS) campaign is abusing Microsoft’s device code authentication flow to gain unauthorized access to user accounts. Sekoia researchers first spotted the toolkit “EvilTokens” that lets attackers capture authentication tokens by tricking users into completing a legitimate login process in Microsoft’s own environment. The activity, observed since at least mid-February, r

CSO Online
CRITICALZero Day

Cybersecurity in the age of instant software

AI is rapidly changing how software is written, deployed, and used. Trends point to a future where AIs can write custom software quickly and easily: “instant software.” Taken to an extreme, it might become easier for a user to have an AI write an application on demand — a spreadsheet, for example — and delete it when you’re done using it than to buy one commercially. Future systems could include a

CSO Online
CRITICALZero Day

Hackers exploit TrueConf zero-day to push malicious software updates

Hackers have targeted TrueConf conference servers in attacks that exploit a zero-day vulnerability, allowing them to execute arbitrary files on all connected endpoints. [...]

BleepingComputer