Google on Thursday launched security updates for its Chrome net browser to deal with 21 vulnerabilities, together with a zero-day flaw that it mentioned has been exploited within the wild.
The high-severity vulnerability, CVE-2026-5281 (CVSS rating: N/A), issues a use-after-free bug in Daybreak, an open-source and cross-platform implementation of the WebGPU customary.
“Use-after-free in Daybreak in Google Chrome previous to 146.0.7680.178 allowed a distant attacker who had compromised the renderer course of to execute arbitrary code through a crafted HTML web page,” in line with an outline of the flaw within the NIST’s Nationwide Vulnerability Database (NVD).
As is customary for these alerts, Google didn’t present any additional particulars on how the shortcoming is being exploited and who could also be behind the trouble. That is sometimes performed in order to make sure that a majority of customers are up to date with a repair and forestall different actors from becoming a member of the exploitation bandwagon.
“Google is conscious that an exploit for CVE-2026-5281 exists within the wild,” the corporate acknowledged.
The event arrives merely after Google shipped fixes for 2 high-severity flaws (CVE-2026-3909 and CVE-2026-3910) that have been exploited as zero-days. In February, the tech large additionally addressed an actively exploited use-after-free bug in Chrome’s CSS part (CVE-2026-2441). In whole, Google has patched a complete of 4 actively weaponized Chrome zero-days because the begin of the yr.
For optimum safety, customers are suggested to replace their Chrome browser to variations 146.0.7680.177/178 for Home windows and Apple macOS, and 146.0.7680.177 for Linux. To verify the most recent updates are put in, customers can navigate to Extra > Assist > About Google Chrome and choose Relaunch.
Customers of different Chromium-based browsers, reminiscent of Microsoft Edge, Courageous, Opera, and Vivaldi, are additionally suggested to use the fixes as and once they change into out there.
