Chrome Emergency Update Fixes Actively Exploited Zero-Day Vulnerability

Google has released an emergency update for Chrome to fix a newly discovered zero-day vulnerability that is already being exploited in the wild. The flaw, tracked as CVE-2026-5281, marks the fourth actively exploited Chrome zero-day patched in 2026.

Use-after-free bug found in WebGPU component

The vulnerability is a use-after-free bug located in Dawn, Chromium’s WebGPU implementation. This type of flaw can lead to browser instability and open the door to more serious exploitation under certain conditions.

According to Google, the issue could cause browser crashes, data corruption, rendering problems, and other abnormal behavior. Due to active exploitation, the company has restricted technical details to reduce the risk of further attacks.

Patch rolling out across all platforms

The fix is now rolling out for Windows, macOS, and Linux under Chrome versions 146.0.7680.177 and 146.0.7680.178. While the update is available immediately, it may take time to reach all users through automatic updates.

Users can speed up the process by manually checking for updates in Chrome settings and restarting the browser after installation.

Growing wave of Chrome security threats

This latest patch highlights an ongoing trend of active threats targeting Chrome users. Google has already addressed multiple zero-day vulnerabilities this year, indicating a steady stream of high-risk exploits.

At the same time, security researchers are warning about VoidStealer malware campaigns designed to extract encryption keys from compromised systems. In parallel, attackers have also launched Google-themed phishing campaigns aimed at tricking users into revealing sensitive data.

With threats escalating, keeping Chrome updated remains one of the most effective ways to stay protected.

Via Bleeping Computer