Google Chrome Zero-Day - Critical Vulnerability Fixed, Active Exploitation Confirmed
Google found a serious flaw in its Chrome browser that hackers are already using to break in. They've fixed it quickly, but you need to update your browser to stay safe. This update also fixes a bunch of other problems, so it's important to do it right away.
Google has patched a critical zero-day vulnerability in Chrome that is actively exploited, along with 20 other security fixes.
Google has fixed 21 vulnerabilities affecting its popular Chrome browser, including a critical zero-day vulnerability (CVE-2026-5281) that is currently being actively exploited in the wild. This vulnerability is a use-after-free (UAF) flaw in Dawn, Chrome's cross-platform GPU abstraction layer used for implementing WebGPU. According to Google, the exploit allows a remote attacker to execute arbitrary code via a specially crafted HTML page. The update has been rolled out to the Stable channel, bringing Chrome versions to 146.0.7680.177/178 for Windows and Mac, and 146.0.7680.177 for Linux. Google confirmed that it is aware of active exploitation of CVE-2026-5281, which was reported by an anonymous researcher on March 10, 2026. Details about the exploit remain limited to prevent further replication until a majority of users have installed the patch.
In addition to this zero-day, the update addresses 20 other vulnerabilities, with 19 rated as High severity. Notable vulnerabilities include various use-after-free bugs across different Chrome subsystems such as CSS, WebGL, and WebCodecs, highlighting ongoing memory safety challenges in browser rendering pipelines. The concentration of use-after-free vulnerabilities suggests significant internal security activity, with some vulnerabilities reportedly identified by Google's internal security teams. Users are urged to update their browsers immediately, either through manual updates or by restarting the browser if auto-updating is enabled.