Google Warns of New Chrome Zero-Day Under Active Exploitation — Users Urged to Update Immediately

Google has released an urgent security update for Chrome desktop (version 146.0.7680.177/.178 for Windows/Mac, 146.0.7680.177 for Linux) to patch 21 vulnerabilities, including a critical zero-day flaw actively exploited in the wild.

Active Zero-Day Threat

The most severe vulnerability is CVE-2026-5281, a high-severity “use after free” memory flaw in the Dawn component. Google confirmed active exploitation in targeted attacks.

This bug allows attackers to execute malicious code or crash systems when victims visit compromised sites.

Google also fixed 20 other high-severity memory safety issues (heap buffer overflows, use-after-free) in components like WebCodecs, ANGLE, and V8, enabled by AddressSanitizer/MemorySanitizer.

For tracking, see the full CVE list below.

CVE ID Severity Description Reporter
CVE-2026-5272 High Heap buffer overflow in GPU inspector-ambitious
CVE-2026-5273 High Use after free in CSS Anonymous
CVE-2026-5274 High Integer overflow in Codecs heapracer
CVE-2026-5275 High Heap buffer overflow in ANGLE c6eed09fc8b174b0f3eebedcceb1e792
CVE-2026-5276 High Insufficient policy enforcement in WebUSB Ariel Simon
CVE-2026-5277 High Integer overflow in ANGLE c6eed09fc8b174b0f3eebedcceb1e792
CVE-2026-5278 High Use after free in Web MIDI c6eed09fc8b174b0f3eebedcceb1e792
CVE-2026-5279 High Object corruption in V8 Hyeonjun Ahn
CVE-2026-5280 High Use after free in WebCodecs heapracer
CVE-2026-5281 High Use after free in Dawn 86ac1f1587b71893ed2ad792cd7dde32
CVE-2026-5282 High Out of bounds read in WebCodecs c6eed09fc8b174b0f3eebedcceb1e792
CVE-2026-5283 High Inappropriate implementation in ANGLE sweetchip
CVE-2026-5284 High Use after free in Dawn 86ac1f1587b71893ed2ad792cd7dde32
CVE-2026-5285 High Use after free in WebGL c6eed09fc8b174b0f3eebedcceb1e792
CVE-2026-5286 High Use after free in Dawn sweetchip
CVE-2026-5287 High Use after free in PDF Syn4pse
CVE-2026-5288 High Use after free in WebView Google
CVE-2026-5289 High Use after free in Navigation Google
CVE-2026-5290 High Use after free in Compositing Google
CVE-2026-5291 Medium Inappropriate implementation in WebGL heapracer
CVE-2026-5292 Medium Out of bounds read in WebCodecs Google

Chrome users should update immediately. Organizations must deploy this patch to protect against potential remote code execution attempts.

The fix takes effect on restart.

Related Articles

Back to top button