"The vulnerability, tracked as CVE-2026-5281, is a use-after-free flaw affecting Chrome's WebGPU implementation through its Dawn GPU abstraction layer. This class of vulnerability occurs when a program continues to access memory after it has been freed, creating an opportunity for attackers to manipulate memory and execute malicious code."
"Google has confirmed that CVE-2026-5281 is being actively exploited in the wild. Attackers can exploit this flaw by triggering memory mismanagement within the GPU processing pipeline. This can lead to memory corruption, allowing adversaries to execute arbitrary code within the browser context."
"In more advanced attack chains, the vulnerability could be combined with additional flaws to bypass Chrome's sandbox protections and gain deeper access to the underlying system - potentially resulting in full device compromise."
Google has issued an urgent security update for Chrome to address multiple high-severity vulnerabilities, particularly CVE-2026-5281, a use-after-free flaw in the WebGPU implementation. This vulnerability allows attackers to manipulate memory and execute malicious code. The patch addresses 21 vulnerabilities, including memory-safety issues across various components. The flaws affect Chrome versions prior to 146.0.7680.177 on Linux and 146.0.7680.177/178 on Windows and macOS, highlighting the need for users to update their browsers to mitigate risks from browser-based attacks.
Read at TechRepublic
Unable to calculate read time
Collection
[
|
...
]