Threat Advisories:
Axios npm Supply Chain Attack: What You Need to Know CVE-2026-5281: Chrome Dawn Flaw Sparks In-the-Wild Zero-Day Attacks CVE-2026-3055: Silent Memory Leak in NetScaler Actively Exploited Tracking Beast: Tools, Techniques, and Tradecraft in RaaS Operations FAUX#ELEVATE: Obfuscated VBS Campaign Targeting Enterprise HR System TeamPCP’s Automated Supply Chain: From Trivy to LiteLLM in a Multi-Ecosystem Breach Iranian MOIS Leverages Telegram-Based C2 in Espionage Campaign Targeting Dissidents MuddyWater: Iran’s Adaptive Cyber Espionage Machine March 2026 Linux Patch Roundup From Disclosure to Exploitation Overnight of a CVE-2026-33017 Langflow Flaw CVE-2026-20131: Interlock Ransomware Exploits Critical Cisco Secure FMC Flaw Operation GhostMail: The Invisible Inbox Breach Vidar Stealer 2.0 Distributed via Fake Game Cheats on GitHub and Reddit Targeting the Lens: Iranian Cyber Operations Against IP Cameras in the Middle East Konni APT’s Covert RAT Deployment LeakNet Ransomware’s Low-Cost High-Scale Infection Strategy Phishing in the Fog of War: A Surge in State-Aligned Espionage Campaigns Google Rushes to Fix Actively Exploited Flaws VENON Trojan Targets 33 Brazilian Financial Platforms AI-Assisted Slopoly Backdoor Powers Interlock Ransomware Intrusion
Critical Threat Research : Middle-East at WAR: The Rapidly Escalating Iranian Cyber Threat Download the Report
Platform
Comprehensive Threat Exposure Management Platform
Uni5 Xposure PlatformUni5 Xposure leverages exposure assessment and adversarial exposure validation to deliver a unified view of your cyber risks and all actionable pathways to resolve them. Powered by:
IntegrationsOut of box integrations available with a comprehensive set of Security and IT operations tools in your organisation.
HiveForce LabsThe in-house intelligence that enables customers to identify and address immediate cyber risks and potential threats with precision, clear insights, and swift action.
Hive Pro’s ComparisonSave Cost , Reduce Complexity and Increase Security by Augmenting and Replacing your existing Vulnerability Management platform
Hive Pro vs Rapid7
Hive Pro vs Tenable
Hive Pro vs Qualys
Hive Pro vs Nucleus Security
Solutions
By Use Case
Total Attack Surface Management
Multi-Environment Security Scanners
Complete Exposure Assessment
Comprehensive Security Intelligence
Vulnerability & Threat Prioritization
Adversarial Exposure Validation
By Role
CISO
Vulnerability Management
Security Operations
DevOps
Industry
Telecommunications
Healthcare
Financial Services
Government & Public Sector
Retail & E-Commerce
Educational Institutions
Resources
Learning Center
Threat Advisories
Threat Digests
Blog
Whitepapers
Resources
Advisories & Digests
Threat Advisories
Threat Digests
Content Library
learn
Blog
Whitepapers
Press Releases
connect
Webinars & Videos
Company
About Us
Careers
Our Leadership
Contact Us
Book a DemoThreat Digest - Subscribe
Platform
Platform
Comprehensive Threat Exposure Management Platform
Uni5 Xposure PlatformUni5 Xposure leverages exposure assessment and adversarial exposure validation to deliver a unified view of your cyber risks and all actionable pathways to resolve them. Powered by:
IntegrationsOut of box integrations available with a comprehensive set of Security and IT operations tools in your organisation.
HiveForce LabsThe in-house intelligence that enables customers to identify and address immediate cyber risks and potential threats with precision, clear insights, and swift action.
Hive Pro’s Comparison
Hive Pro vs Rapid7
Hive Pro vs Tenable
Hive Pro vs Qualys
Hive Pro vs Nucleus Security
Solutions
Solutions
By Use Case
Total Attack Surface Management
Multi-Environment Security Scanners
Complete Exposure Assessment
Comprehensive Security Intelligence
Vulnerability & Threat Prioritization
Adversarial Exposure Validation
By Role
CISO
Vulnerability Management
Security Operations
DevOps
Industry
Industry
Telecommunications
Healthcare
Financial Services
Government & Public Sector
Retail & E-Commerce
Educational Institutions
Resources
Resources
Learning Center
Threat Advisories
Threat Digests
Blog
Whitepapers
Resources
Resources
Advisories & Digests
Threat Advisories
Threat Digests
Content Library
learn
Blog
Whitepapers
Press Releases
connect
Webinars & Videos
Company
Company
About Us
Careers
Our Leadership
Contact Us
Book a DemoThreat Digest - Subscribe

CVE-2026-5281: Chrome Dawn Flaw Sparks In-the-Wild Zero-Day Attacks

Red | Vulnerability Report
Download PDF

Summary

Google has rushed out emergency fixes for CVE-2026-5281, a Chrome zero-day already being exploited in the wild, rooted in a use-after-free flaw within the WebGPU-powered Dawn component. By mishandling memory during GPU operations, the CVE-2026-5281 bug leaves behind dangling pointers that attackers can abuse to execute arbitrary code. With active exploitation of CVE-2026-5281 confirmed since March 10, 2026, updating Chrome immediately is critical to staying protected. CVE-2026-5281 affects Google Chrome versions before 146.0.7680.178 on Windows and macOS, and 146.0.7680.177 on Linux, as well as other Chromium-based browsers that include the vulnerable Dawn component. CVE-2026-5281 has been added to CISA KEV catalog.

Vulnerability Details

CVE-2026-5281 Use-After-Free in Dawn WebGPU Component

Google released emergency updates to fix another Chrome zero-day vulnerability exploited in attacks, tracked as CVE-2026-5281. This CVE-2026-5281 flaw is a use-after-free (UAF) issue (CWE-416) in the Dawn component, which powers Chrome’s implementation of the WebGPU API. Designed to enable high-performance GPU access from within the browser, WebGPU introduces complex memory interactions, making CVE-2026-5281 flaws like this particularly dangerous when memory is accessed after being freed.

Improper Memory Lifecycle Handling and Dangling Pointers

The CVE-2026-5281 vulnerability stems from improper memory lifecycle handling within Dawn during WebGPU operations. Certain GPU resources, once released, can still be referenced through lingering pointers. An attacker who has already gained a foothold in the Chrome renderer process can exploit this CVE-2026-5281 condition using a specially crafted web page with malicious WebGPU calls, ultimately triggering access to freed memory and achieving arbitrary code execution.

Multi-Stage Exploit Chain for Sandbox Escape

The attack vector for CVE-2026-5281 vulnerability is network-based, requiring user interaction; specifically, the victim must navigate to or be redirected to a malicious web page. However, because CVE-2026-5281 exploitation requires prior compromise of the renderer process, this vulnerability is most likely used as part of a multi-stage exploit chain, where an initial vulnerability is used to compromise the renderer sandbox before CVE-2026-5281 is leveraged for sandbox escape or privilege escalation to achieve full code execution on the host system.

Chromium-Based Browser Impact and Active Exploitation

The CVE-2026-5281 issue affects Chrome versions before 146.0.7680.178 on Windows and macOS, and 146.0.7680.177 on Linux, as well as other Chromium-based browsers that include the vulnerable Dawn component. With active exploitation of CVE-2026-5281 confirmed since March 10, 2026, users and organizations should immediately update to the latest Chrome version to reduce exposure and prevent potential attacks targeting the WebGPU Dawn component.

Recommendations

Update Google Chrome Immediately

All users and organizations should update Google Chrome to version 146.0.7680.177/178 for Windows and macOS, or 146.0.7680.177 for Linux without delay. This patch resolves the CVE-2026-5281 use-after-free vulnerability in Dawn that is under active exploitation. To update, navigate to More > Help > About Google Chrome and allow the browser to download and install the latest version, then relaunch the browser to complete the CVE-2026-5281 update process.

Update Chromium-Based Browsers

Users of other Chromium-based browsers, including Microsoft Edge, Brave, Opera, and Vivaldi, should monitor their respective vendors for security updates addressing the same underlying CVE-2026-5281 vulnerability and apply patches as soon as they become available. These browsers share the Chromium engine and are equally susceptible to CVE-2026-5281 if running unpatched versions.

Enable Automatic Updates

Ensure that automatic update mechanisms are enabled for all browsers deployed across the organization. This minimizes the window of exposure between CVE-2026-5281 vulnerability disclosure and patch application and reduces reliance on manual intervention for critical security updates.

Vulnerability Management

Maintain a comprehensive vulnerability management program that includes regular scanning, patch prioritization based on CISA KEV listings and active exploitation status, and a defined SLA for critical patch deployment. Maintain an inventory of all browser versions deployed across the enterprise and establish processes for rapid response when zero-day vulnerabilities like CVE-2026-5281 are disclosed.

MITRE ATT&CK TTPs

Initial Access:

  • T1189: Drive-by Compromise

Execution:

  • T1203: Exploitation for Client Execution
  • T1059: Command and Scripting Interpreter

Privilege Escalation:

  • T1068: Exploitation for Privilege Escalation

Resource Development:

  • T1588: Obtain Capabilities
    • T1588.006: Vulnerabilities

References

What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox