"Google is aware that an exploit for CVE-2026-5281 exists in the wild. These types of vulnerabilities are often exploited for sandbox escapes or arbitrary code execution."
"The company has credited an anonymous researcher for reporting the zero-day. The same researcher has also been credited for a different high-severity use-after-free issue in Dawn, tracked as CVE-2026-5284."
"This is the fourth Chrome zero-day patched this year, after CVE-2026-2441, CVE-2026-3909, and CVE-2026-3910."
The Chrome 146 update resolves 21 vulnerabilities, with 19 classified as high-severity and 2 as medium-severity. A zero-day vulnerability, CVE-2026-5281, has been exploited in the wild and is a use-after-free issue in Chrome's graphics layer. Google acknowledged the existence of an exploit and credited an anonymous researcher for reporting it. This update marks the fourth zero-day patched in Chrome this year, with all vulnerabilities reported in March. Bug bounties for the researchers have not yet been determined.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]