Google released emergency Chrome updates to address CVE-2026-5281, a use-after-free vulnerability in Dawn, Chromium’s cross-platform implementation of the WebGPU standard. Google says it is aware of in-the-wild exploitation, but has not provided public details on attack chains or actors.

## Key details

- Vulnerability: CVE-2026-5281 (use-after-free)

- Component: Dawn (WebGPU)

- Risk: crashes, data corruption, rendering anomalies, and potential exploitation

- Status: exploited in the wild

- Fix: Stable Desktop updates (Windows/macOS/Linux)

## Why it matters

WebGPU expands the browser’s graphics and compute surface area. As browsers expose more low-level capability, memory-safety issues in graphics/compute layers become high-value targets. Organizations should prioritize fast patching of browsers—especially when Google explicitly notes exploitation.

## What to do

- Update Chrome immediately via the built-in update mechanism.

- For managed fleets, verify version rollouts and enforce restart/apply policies.

- Monitor endpoints for suspicious browser-driven behaviors, especially in targeted environments.