High severity8.8CISA KEVNVD Advisory· Published Apr 1, 2026· Updated Apr 2, 2026
CVE-2026-5281
CVE-2026-5281
Description
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- osv-coords2 versionspkg:rpm/opensuse/chromium&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweed
< 146.0.7680.177-bp160.1.1+ 1 more
- (no CPE)range: < 146.0.7680.177-bp160.1.1
- (no CPE)range: < 146.0.7680.177-1.1
Patches
Vulnerability mechanics
References
3- chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.htmlnvdVendor Advisory
- issues.chromium.org/issues/491518608nvdIssue TrackingPermissions Required
- www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource
News mentions
10- ⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and MoreThe Hacker News · Jun 15, 2026
- Google Chrome 0-Day Vulnerability Exploited in the Wild — Update NowCyber Security News · Jun 9, 2026
- Chrome's zero-day Whac-A-Mole continues with fifth exploited bug of the yearThe Register Security · Jun 9, 2026
- Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch NowThe Hacker News · Jun 9, 2026
- Google patches Chrome zero-day exploited in the wild (CVE-2026-11645)Help Net Security · Jun 9, 2026
- Google patches new Chrome zero-day flaw exploited in the wildBleepingComputer · Jun 9, 2026
- Google Patches 5th Chrome Zero-Day Exploited in 2026SecurityWeek · Jun 9, 2026
- Patch Tuesday, April 2026 EditionKrebs on Security · Apr 14, 2026
- 6th April – Threat Intelligence ReportCheck Point Research · Apr 6, 2026
- The Good, the Bad and the Ugly in Cybersecurity – Week 14SentinelOne Labs · Apr 3, 2026