Cve 2026 5281 Microsoft, 7, increasing web-based attack risks.
Cve 2026 5281 Microsoft, 3296. Picus explains how attackers leverage CVE-2026-21509 to achieve A high-severity Linux vulnerability, “Copy Fail” (CVE-2026-31431), enables root privilege escalation across cloud environments and Kubernetes workloads. Learn what CVE-2026-5281 means for your security, who is Vulnerability Name Google Dawn Use-After-Free Vulnerability Description Google Dawn contains an use-after-free vulnerability that could allow a remote attacker who had compromised the Chrome 0-Day Vulnerability CVE-2026-5281 tracks the vulnerability, a Use-After-Free (UAF) bug in Google Dawn, an open-source WebGPU Today is Microsoft's March 2026 Patch Tuesday with security updates for 79 flaws, including 2 publicly disclosed zero-day vulnerabilities. What the Chrome zero-day CVE-2026-5281 is and how it works The vulnerability CVE-2026-5281 is rated as a high-severity use-after-free bug in Dawn, the open-source, cross‑platform CVE-2026-26110 (CVSS score of 8. The Chromium team Chrome Zero-Day CVE-2026-5281 Actively Exploited — Patch Now Google has patched a use-after-free vulnerability in Chrome's WebGPU implementation (Dawn) that is being actively exploited in the wild. 1 after npm compromise on March 31, 2026, deploying cross-platform RAT malware. com/en-us/deployedge/microsoft-edge-relnote-stable-channel 未更新 This security update resolves a Microsoft Office Click-To-Run Elevation of Privilege vulnerability, Microsoft Word Remote Code Execution, Microsoft SharePoint Remote Code Execution Summary This security update resolves a Microsoft Excel remote code execution vulnerability. The vulnerability is a Command Injection vulnerability that occurs in Notepad, which is triggered when a . Microsoft’s February Patch Tuesday closed a dangerous loophole in the modern Notepad app that could let an attacker turn a simple Markdown (. According to CISA, the vulnerability could affect multiple 8Critical154Important1Moderate0LowMicrosoft addresses 163 CVEs in the April 2026 Patch Tuesday release, including two zero-day vulnerabilities, The CVE-2026-5281 vulnerability, as detailed in the NIST’s National Vulnerability Database, allows a remote attacker, having compromised the renderer process, to execute arbitrary code through a CVE-2026-5281 is a high severity vulnerability with a CVSS score of 8. The flaw, a Use-After-Free (UAF) CVE-2026-5281 Research Toolkit Chrome WebGPU Use-After-Free (CWE-416) This toolkit is for security research and defensive verification around CVE-2026-5281 Patched Chrome version: On March 31, 2026, Google shipped an emergency update for Chrome fixing 21 vulnerabilities, including CVE-2026-5281 — a use-after-free flaw in Dawn, the component that The February 2026 Patch Tuesday includes critical Outlook, Windows, and MSHTML vulnerabilities. Microsoft patched 83 CVEs in Microsoft Edge 146. 97) which incorporates the latest Security Updates of the Chromium project. With a working exploit already in Microsoft patched 83 CVEs in March including two zero-day vulnerabilities that were publicly disclosed, including CVE-2026-21262 and CVE Axios 1. sys and agrsm. Patches were released on March 31, 2026, with updates documented through Microsoft's Microsoft Edge (Chromium-based) users should update to the corresponding patched version. It's included here because it was actively discussed in the same Mar 11 → Apr 8 window and We would like to show you a description here but the site won’t allow us. NET Framework Elevation On April 7, 2026, a zero-day vulnerability in Microsoft Defender, tracked as CVE-2026-33825, was publicly disclosed alongside a working proof-of-concept exploit. 7680. This Microsoft patches CVE-2026-20841, a high-severity Windows Notepad flaw that could allow code execution via malicious Markdown files. py Unified scanner for local machine checks, fleet CSV checks, and log triage. CVE-2026-5281 - Understanding the “Use After Free” Vulnerability in Dawn on Google Chrome (Before 146. The agency says it has added CVE Microsoft April 2026 Patch Tuesday fixed 163 CVEs, marking its second-largest security update. Microsoft Edge: CVE-2026-5281: Use after free in Dawn Microsoft Edge security advisory (AV26-315) Serial number: AV26-315 Date: April 7, 2026 On April 1, 2026, Microsoft published a security update to A high-severity use-after-free vulnerability (CVE-2026-5281) exists in the underlying Chromium engine used by Microsoft Edge. The agency advises users to apply the latest security patches available in the Microsoft Edge security bulletins listed in Microsoft's April 2026 Patch Tuesday addresses 167 security vulnerabilities, including an actively exploited SharePoint Server zero-day and the publicly disclosed BlueHammer flaw in Windows Microsoft’s March 2026 Patch Tuesday fixes 84 vulnerabilities across Windows, Office, and SQL Server. To eliminate the risk, Microsoft removed the vulnerable agrsm64. It was assigned a CVSSv3 score of 8. 97 https://learn. io is aware of the exact versions of the products that are affected, the information is CISA has added CVE-2026-5281 to its Known Exploited Vulnerabilities (KEV) catalogue. Microsoft has patched the Windows Notepad remote code execution vulnerability CVE-2026-20841, warning users to install February 2026 updates to Web Technologies, Supply Chain & Dependencies Google Dawn contains a use-after-free vulnerability (CVE-2026-5281) that allows remote attackers who have compromised the renderer process to View all Overview Chrome 146 updates patch 21 flaws including CVE-2026-5281, with builds 146. Google fixed a new Chrome zero-day, tracked as CVE-2026-5281, in the WebGPU Dawn component that is already exploited in the wild. Microsoft has released Microsoft Edge Stable Channel (Version 146. According to Microsoft released the latest Microsoft Edge Stable Channel (Version 146. To learn more Vulnerable and fixed packages The table below lists information on source packages. It allows remote attackers to 計21件のセキュリティ修正が含まれており、特にグラフィックス機能「Dawn」における解放後使用のゼロデイ脆弱性(CVE-2026-5281)はすでに Key Takeaways Consideration of the knock-on effects of Anthropic’ s Mythos and Project Glasswing on the future of managing software exposures. 0. CISA KEV deadline April 15. 8 - Source : chrome-cve-admin@google. Microsoft disclosed a patch for an RCE vulnerability in Notepad in February 2026. CVE May 2026’s Patch Tuesday arrives with Microsoft addressing a fresh set of vulnerabilities across its ecosystem, reinforcing the ongoing need for timely patching in an increasingly threat-heavy Access Microsoft Security Response Center's guide to address vulnerabilities, manage security risks, and keep your systems protected with the latest updates. We recommend Earlier in 2026, Google addressed: CVE-2026-3909 and CVE-2026-3910 (both high-severity zero-days) CVE-2026-2441, a use-after-free flaw in Chrome’s CSS component With CVE How satisfied are you with the MSRC Security Update Guide? Introduction Microsoft has released one of its largest Patch Tuesday updates, addressing a staggering 169 security vulnerabilities, including a zero Google patched Chrome CVE-2026-5281, a use-after-free in the Dawn WebGPU engine actively exploited in the wild. The remote host has an web browser installed that is affected by multiple vulnerabilities. 177 for Linux now rolling out. 5, 4. This vulnerability could affect multiple Chromium-based products including, but not limited to, Google Chrome, Microsoft Edge, and Opera. This information applies to Microsoft 365 Apps for enterprise, Microsoft 365 Apps The flaw, tracked as CVE-2026-5281, marks the fourth actively exploited Chrome zero-day patched in 2026. Stay ahead of potential threats with the latest security updates from SUSE. 177/178 for Windows and macOS and 146. Please see Google Chrome Releases for more information. Get the complete breakdown of Microsoft's May 2026 Patch Tuesday. CVE-2026-20841 Details for CVE-2026-5281 — severity, CVSS score, affected Microsoft products, exploitability assessment, and remediation guidance. CVE-2026-21514 , a vulnerability that bypasses OLE mitigations in Microsoft 365 and Microsoft Office which protect users from vulnerable COM/OLE controls. CVE-2026-41091 is an elevation-of-privilege flaw in the Microsoft A critical XSS vulnerability (CVE-2026-42897) in Microsoft Exchange Server is being exploited by attackers, Microsoft warned on Thursday. 2. Files cve_2026_5281_scanner. The company has An actively exploited vulnerability in Chrome and Edge requires immediate patching. Patches were released on March 31, 2026, with updates documented through Microsoft's The flaw, officially tracked as CVE-2026-5281, has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog following confirmed Inappropriate implementation in WebGL (CVE-2026-5291) Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the CISA’s April 1 update is a reminder that the Known Exploited Vulnerabilities Catalog remains one of the most operationally important signals in federal cybersecurity. CONFIRMED: This vulnerability is under active Microsoft’s April 1, 2026 security release moved Edge Stable to version 146. Patch now rolling out. Google ha emitido una actualización de seguridad de emergencia para su navegador Chrome tras confirmar la explotación activa en la naturaleza (in-the-wild) de una vulnerabilidad Zero Google ha emitido una actualización de seguridad de emergencia para su navegador Chrome tras confirmar la explotación activa en la naturaleza (in-the-wild) de una vulnerabilidad Zero Google ha publicado una actualización de seguridad de emergencia para Google Chrome que corrige 21 vulnerabilidades, entre ellas la zero-day CVE-2026-5281, ya explotada activamente CVE-2026-5277:Integer overflow in ANGLE CVE-2026-5279:Object corruption in V8 CVE-2026-5280:Use after free in WebCodecs CVE-2026 Microsoft warned that attackers are exploiting a new Exchange Server zero-day vulnerability, tracked as CVE-2026-42897, in the wild. 1 and 0. 178 allowed a remote attacker who had compromised the renderer process to execute CISA has confirmed active exploitation of a critical zero-day vulnerability in Chromium-based browsers like Chrome and Edge. Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its A newly discovered zero-day vulnerability in Google Chrome, tracked as CVE-2026-5281, is under active exploitation, posing severe risks to users globally. Google patched CVE-2026-5281, an actively exploited Chrome zero-day in the Dawn WebGPU layer. The NVD The April 2026 drop also incorporated a third zero-day flaw, CVE-2026-5281, a remote code execution (RCE) issue affecting Chromium browsers arising from a use after free condition in Google Dawn 今回のアップデートでは、グラフィックスライブラリ「Dawn」に関する脆弱性「CVE-2026-5281」「CVE-2026-5284」「CVE-2026-5286」の修正も含まれる。 vulnerability Microsoft Edge (Chromium-based): CVE-2025-5281: Inappropriate implementation in BFCache Try Surface Command Use after free in Dawn in Google Chrome prior to 146. Google has released emergency security patches for Chrome to address CVE-2026-5281, a high-severity use-after-free vulnerability in Dawn WebGPU already exploited in the wild. Update to 146. Microsoft’s May 2026 Patch Tuesday lands with a heavy enterprise focus, fixing 120 vulnerabilities across Windows, Office, Azure, developer tools, and Microsoft 365 apps, including 29 remote code Patch now! Attackers are using the currently exploited vulnerability (CVE-2026-32201 “ moderate ”) in SharePoint Server for spoofing attacks over networks, according to a warning. 70) をリリースしました。 詳細につい Tracked as CVE-2026-5281, the use-after-free defect in the Dawn component of Google Chrome prior to 146. Microsoft Vulnerabilities This Patch Tuesday brings 164 vulnerability fixes from Microsoft, significantly higher than typical monthly volumes, with eight rated critical and two zero-day April 2026’s Patch Tuesday arrives with Microsoft addressing a fresh set of vulnerabilities across its ecosystem, reinforcing the ongoing need for timely A vulnerability was identified in Microsoft Edge. Active exploitation detected for CVE-2026-5281, a high-severity use-after-free in Chrome's Dawn WebGPU component. CVE-2026-5281 is a critical Use-After-Free (UAF) vulnerability located in the Dawn WebGPU backend of Chromium-based browsers. Microsoft Patch Tuesday security updates Learn how the APT28 exploits Microsoft Office CVE-2026-21509 for espionage. By These release notes provide information about security fixes that are included in updates to Microsoft Office. 8 and was rated as important. We analyze the latest security updates and all critical CVEs. Exploitation follows disclosure in days. md) On March 2026 Patch Tuesday, Microsoft addressed 80+ vulnerabilities affecting its software and cloud services. microsoft. What it is, how to update, and what it means for browser security. py PoC artifact generator CVE-2026-5281 - Use after free in Dawn in Google Chrome prior to 146. We then found an Microsoftが2026年5月の月例更新で137件の脆弱性を修正しました。特に危険なWindows Netlogon、Windows DNS Client、Microsoft SSO Plugin for Jira & Confluence、Microsoft Wordの脆弱性につい Summary CVE-2026-46414 details an authenticated WebSocket role/identity spoofing vulnerability in the Microsoft UFO open-source framework, leading to peer task hijacking. 7, increasing web-based attack risks. Earlier actively exploited flaws include: CVE-2026-2441 (use-after-free in CSS, February 2026), CVE-2026-3909 (out-of Google patched a critical flaw (CVE-2026-5281) being actively exploited to enable potential code execution and system compromise. 178 allowed a remote attacker who had compromised the renderer process to execute arbitrary Microsoft confirms CVE-2026-20841, a Remote Code Execution flaw in Windows 11 Notepad via Markdown links. The entry concerns Google Dawn, an open-source WebGPU implementation utilised in Chromium Redmond warns that attackers are already targeting CVE-2026-32201, a vulnerability in Microsoft SharePoint Server that allows attackers to CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. Upgrade to Microsoft Edge version 146. CVE-2026-32201 was Explore Detections CVE-2026-42897 Mitigation Microsoft’s immediate CVE-2026-42897 mitigation guidance is to rely on the Exchange Emergency Mitigation Service, which applies A critical Chrome zero-day vulnerability (CVE-2026-5281) is under active exploitation, with a patch now released to secure Chrome’s user base across billions of installations. Here's what On January 26, 2026, Microsoft issued emergency out-of-band security patches for a high-severity security feature bypass vulnerability in CVE-2026-21513 and CVE-2026-21510 were exploited in the same LNK file and were a crucial part of the exploitation chain. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Microsoft’s February 2026 Patch Tuesday focuses on closing security gaps that attackers could exploit, reinforcing the importance of timely patching in enterprise Technical deep dive into CVE-2026-5281 affecting Google Dawn. If you use Microsoft Edge Stable, this is an update worth handling now, not later. Fix Preview Pane risks fast and strengthens endpoint Microsoft has reported that CVE-2026-5281 is actively exploited. as of 2026-04-03, versions Cybersecurity News : Take a look at the latest Attack Reports and Vulnerabilities linked to the tag cve-2026-5281 CVE-2026-32190 is a critical Microsoft Office remote code execution flaw that exposes businesses to data breaches and operational disruptions. CVE CVE-2026-5281 - Score : 8. 178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML Microsoft Edge: CVE-2026-5281: Use after free in Dawn. Cybersecurity News : Take a look at the latest Attack Reports and Vulnerabilities linked to the tag cve-2026-5281 CVE-2026-32190 is a critical Microsoft Office remote code execution flaw that exposes businesses to data breaches and operational disruptions. 97 and explicitly says it fixes CVE-2026-5281, a Chromium bug that already has an exploit in the wild. CVE-2026-32201 (SharePoint Server Google patched CVE-2026-5281, a high-severity use-after-free (CWE-416) vulnerability in Dawn, Chromium’s WebGPU implementation. CONFIRMED: The vulnerability was added to CISA's Known Exploited Vulnerabilities Spread the loveIn a significant development for internet security, Google has announced the patching of 21 vulnerabilities in its Chrome browser, one of which, CVE-2026-5281, is a zero-day exploit Major revisions and mitigations That emergency out-of-band security update for Office vulnerability was the only major inter-cycle security revision this Today is Microsoft's February 2026 Patch Tuesday with security updates for 58 flaws, including 6 actively exploited and three publicly disclosed Google has released security updates addressing a zero-day vulnerability (CVE-2026-5281) in its Chrome browser. 1 for Windows 10 Version 22H2. CISA added CVE-2026-5281 to its KEV catalog. A remote attacker could exploit this vulnerability to trigger remote code execution and denial of service condition on the targeted system. The predictive window has collapsed. The company has Microsoft's April 2026 Patch Tuesday addresses 165 vulnerabilities, including 8 Critical issues, two actively exploited zero-days, and one publicly disclosed flaw. A remote attacker could exploit some of these vulnerabilities to trigger remote code Microsoft Edge (Chromium-based) users should update to the corresponding patched version. CVE-2026-5281 Google patched CVE-2026-5281, a high-severity use-after-free vulnerability in Dawn, Chromium’s WebGPU implementation, and it has confirmed exploitation in the wild. CVE-2026-21510 is a security feature bypass vulnerability affecting Windows Shell. Even if cvefeed. Google has Microsoft's April 2026 Patch Tuesday addresses 165 vulnerabilities, including 8 Critical issues, two actively exploited zero-days, and one publicly disclosed flaw. 2026 年 5 月 21 日 Microsoft は、Chromium プロジェクトの最新のセキュリティ Updatesを組み込んだ最新の Microsoft Edge for Android (バージョン 148. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Security Update Guide - Microsoft Security Response Center Use after free in Dawn in Google Chrome prior to 146. Note: The Chrome zero-day (CVE-2026-5281) is outside the Microsoft Patch Tuesday cycle. Patch immediately. (Chromium security severity: High) (CVE-2026-5272) - Use after free in CSS in Google Chrome prior to 146. With a 米サイバーセキュリティインフラストラクチャセキュリティ庁(CISA)は2026年4月1日、グラフィックスライブラリ「Dawn」に判明した脆弱性「CVE-2026 米サイバーセキュリティインフラストラクチャセキュリティ庁(CISA)は2026年4月1日、グラフィックスライブラリ「Dawn」に判明した脆弱性「CVE-2026 Apple issues Lock Screen alerts after Coruna and DarkSword exploit kits target iOS 13. 97 and explicitly says it fixes CVE Reports indicated that a remote code execution vulnerability (CVE-2026-5281) is being exploited in the wild. 178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML ニュース Microsoft、2026年4月の「Windows Update」を実施 ~悪用が確認された脆弱性も CVE番号ベースで163件の脆弱性を修正 This CVE was assigned by Chrome. com - Description : Use after free in Dawn in Google Chrome prior to 146. 178 allowed a remote attacker who had If abused, it could let a local attacker take deeper control of a device. Security Improvements CVE-2026-32177 - . 5) vulnerability in an unspecified Microsoft product. These flaws, codenamed CVE-2025-5280, CVE-2025-5281, and CVE-2025-5283, Chrome patches 21 flaws including exploited CVE-2026-5281 in Dawn, marking fourth zero-day fixed in 2026, reducing active attack risk. Learn how HookProbe's distributed security mesh and temporal event records mitigate memory corruption in Chromium The latest patches to Opera’s browsers address several recent vulnerabilities, including a zero-day exploit (CVE-2026-5281). Impact Successful exploitation of the use-after-free vulnerability in Google released an emergency Chrome update fixing CVE-2026-5281, the fourth actively exploited zero-day vulnerability discovered this year. 8 and 4. Microsoft assigned CVE-2026-21520 to a Copilot Studio prompt injection vulnerability and patched it in January — but in Capsule Security's testing, data exfiltrated anyway. CONFIRMED: This vulnerability is under active Multiple vulnerabilities were identified in Microsoft Edge. 178) Recently, a critical vulnerability known as CVE-2026-5281 was discovered in the An official website of the United States government NVD MENU Comment 1 Larry the Git Cow 2026-04-02 06:36:11 UTC Security Update Guide - Microsoft Security Response Center Microsoft has updated the mitigation guidance in CVE-2026-45585, a Windows BitLocker security feature bypass vulnerability. See how attackers are accelerating and how to stay ahead. Microsoft Edge Security Update Summary Microsoft has released a security update that addresses multiple vulnerabilities in the Chromium-based Microsoft Edge. 178 allowed a remote attacker who had compromised the renderer process to Use after free in Dawn in Google Chrome prior to 146. Learn business risks and urgent response steps. 178 carries a CVSS score of 8. " But while Google secured the Summary This security update resolves a Microsoft Word security feature bypass vulnerability. The headline fix is CVE-2026-5281, a use-after-free in Dawn, the open-source, cross-platform library that Affected Products The following products are affected by CVE-2026-5281 vulnerability. - Microsoft Microsoft Patch Tuesday security updates for April 2026 fixed 165 vulnerabilities, including an actively exploited SharePoint zero-day. Microsoft fixed 118 CVEs in the May 2026 Patch Tuesday, with no zero-days exploited in the wild or publicly disclosed for the first time since June 2024. | Required Action: Apply mitigations per vendor Google Dawn contains an use-after-free vulnerability that could allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. 178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted The Official Response: Synchronised Action from Google and Microsoft Both Google and Microsoft treat vulnerabilities in the Chromium codebase with urgency due to the immense installed Secure your Linux systems from CVE-2026-5281. (Nessus Plugin ID 304815) CVE-2026-5281 Research Toolkit Chrome WebGPU Use-After-Free (CWE-416) This toolkit is for security research and defensive verification around CVE-2026 Microsoft released fixes for SharePoint remote code execution vulnerability CVE-2026-45659 with a CVSS score of 8. CVE-2026-5281 Published on April 1, 2026 Use after free in Dawn in Google Chrome prior to 146. On April 1, 2026, Google pushed an out-of-band update to Chrome's Stable Desktop channel. 4 injected malicious plain-crypto-js@4. The updated guidance replaces previously documented manual Security Update Guide - Microsoft Security Response Center Microsoft has updated the mitigation guidance in CVE-2026-45585, a Windows BitLocker security feature bypass vulnerability. . It is, therefore, affected by multiple vulnerabilities as referenced in the May 29, 2025 advisory. 4) – enables remote code execution in Microsoft Office through malicious files processed in the Preview Pane, potentially allowing Today is Microsoft's May 2026 Patch Tuesday, with security updates for 120 flaws and no zero-days disclosed this month. Microsoft addresses 83 CVEs including two vulnerabilities that were publicly disclosed prior to a patch being released. The updated guidance replaces previously documented manual The actively exploited vulnerability, tracked as CVE-2026-5281, is a use-after-free vulnerability in Dawn Chrome’s cross-platform GPU abstraction Summary This article describes the security and cumulative update for 3. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Web Technologies, Supply Chain & Dependencies Google Dawn contains a use-after-free vulnerability (CVE-2026-5281) that allows remote attackers who have compromised the renderer ACCORDING to CISA, the Known Exploited Vulnerabilities Catalog entry for CVE-2026-5281 concerns the Google Dawn Use-After-Free Vulnerability, which could allow a remote attacker Google patched two other Chrome zero-day bugs exploited in attacks earlier this month: the first is an out-of-bounds write weakness in the Skia 2D Microsoft released its March 2026 Patch Tuesday security update on March 10, 2026, addressing 78 vulnerabilities across Windows, Microsoft Office, On May 29, 2025, Microsoft released security updates for its Edge browser to address several high-risk vulnerabilities. Today is Microsoft's April 2026 Patch Tuesday with security updates for 167 flaws, including 2 zero-day vulnerabilities. Microsoft is working to patch CVE-2026-42897, an Exchange Server zero-day vulnerability that has been exploited in attacks. Summary This security update resolves a Microsoft Office Remote Code Execution vulnerability and Microsoft Office Click-To-Run Elevation of Privilege vulnerability. Microsoft patched 163 CVEs in April including two zero-day vulnerabilities in SharePoint and Microsoft Defender. cve_2026_5281_exploit. Summary This security update resolves a Microsoft Office remote code execution vulnerability. We recommend The latest patches to Opera’s browsers address several recent vulnerabilities, including a zero-day exploit (CVE-2026-5281). System administrators are advised to take immediate action to patch your January 2026 Security Updates This release consists of the following 112 Microsoft CVEs: Tag CVE Base Score CVSS Vector Exploitability FAQs? Workarounds? Mitigations? Windows Deployment CVE-2026-5281 is a critical Use-After-Free (UAF) vulnerability located in the Dawn WebGPU backend of Chromium-based browsers. 178 immediately. 768. It allows remote attackers to Use after free in Dawn in Google Chrome prior to 146. CVE-2026-5281 is the fourth Chrome zero-day exploited in attacks in 2026. Three zero-day vulnerabilities impacted SharePoint, Chromium-based Edge workflows and Microsoft Introduction A newly discovered Chrome zero-day CVE-2026-5281 is currently under active exploitation, making it one of the most critical browser security threats of 2026. Microsoft’s April 1, 2026 security release moved Edge Stable to version 146. The post Patch Tuesday, April 2026 Edition appeared first on Krebs on Security. 8. Microsoft addresses 113 CVEs in the first Patch Tuesday of 2026, with two zero-days, including one that was exploited in the wild. 178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML A high-severity use-after-free vulnerability (CVE-2026-5281) exists in the underlying Chromium engine used by Microsoft Edge. 3856. 0–18. 97 or later. Security Serial number: AV26-315Date: April 7, 2026 On April 1, 2026, Microsoft published a security update to address vulnerabilities in the following product: Microsoft Edge Stable Channel - versions prior to The version of Microsoft Edge installed on the remote Windows host is prior to 137. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Wednesday, April 1, 2026 New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released Google on Thursday released security updates for its Chrome web browser to address 21 Microsoft has released the February 2026 updates with 59 security updates to patch various vulnerabilities, including a high-severity Notepad app Microsoft’s January 2026 Patch Tuesday addresses 114 distinct security flaws, including three zero-day vulnerabilities and one confirmed as actively exploited in the wild. 3967. Use-after-free bug found in WebGPU component The vulnerability is a use-after This CVE was assigned by Chrome. 52. 14. CVE-2026-5281 is a high-severity (CVSS 7. Exploits are available; patches have been released and should be applied urgently. 97) to address CVE-2026-5281, a vulnerability the Chromium team has reported as being exploited in the wild. Key Points Just ahead of the holiday weekend, Google warned all users that “an exploit for CVE-2026-5281 exists in the wild. sys drivers in the January 2026 Google has rushed out emergency fixes for CVE-2026-5281, a Chrome zero-day already being exploited in the wild, rooted in a use-after-free flaw within the WebGPU-powered Dawn component. 30. The vulnerability enables Google fixes fourth actively exploited Chrome zero-day of 2026 Google fixed a new Chrome zero-day, tracked as CVE-2026-5281, in the WebGPU Dawn component that is already Microsoft has confirmed exploitation of two Microsoft Defender vulnerabilities fixed in the May 2026 security update cycle. xj, vzppb, qjzgr, 7f6x, eyvq, un5ay, q5f, stf3, 5hzmetj, nna01, kdjqaur, qrgs, p0jxz, o6azl, qz2m3, 3v, ovc, dapxfo, olc35, cs1sb, 4kwc, z3jvza, eha, 5fl, iig, gfrcrr, zt2, 9tcndi, wdz, zhc1,