By rssfeeds-admin 
Targeted Version
The patched version is 146.0.7680.177/.178 for Windows and Mac, and 146.0.7680.177 for Linux. Users can update by navigating to Chrome Menu → Help → About Google Chrome, where the browser will automatically download and apply the fix upon restart.
The most dangerous flaw patched in this release is CVE-2026-5281, a high-severity “use after free” memory corruption bug found in Chrome’s Dawn graphics component.
Google has officially confirmed that an active exploit exists in the wild, meaning threat actors are already using it in targeted attack campaigns.
Use-after-free bugs occur when a program continues to use a memory pointer after that memory has been freed.
Attackers can exploit this to execute arbitrary malicious code or trigger system crashes, often simply by luring a victim to visit a compromised or malicious website.
20 Additional High-Severity Fixes
Alongside the zero-day, Google patched 20 other vulnerabilities reported by external security researchers and internal teams.
The majority are high-severity memory safety issues, including:
- Heap buffer overflows in GPU and ANGLE
- Use-after-free bugs in CSS, Web MIDI, WebCodecs, WebGL, Dawn, PDF, WebView, Navigation, and Compositing
- Integer overflows in Codecs and ANGLE
- Object corruption in the V8 JavaScript engine
- Out-of-bounds reads in WebCodecs
- Insufficient policy enforcement in WebUSB
These fixes were aided by Google’s internal testing tools AddressSanitizer and MemorySanitizer, which detect memory corruption vulnerabilities before they reach stable releases.
| CVE ID | Severity | Component | Issue Type |
|---|---|---|---|
| CVE-2026-5272 | High | GPU | Heap buffer overflow |
| CVE-2026-5273 | High | CSS | Use after free |
| CVE-2026-5274 | High | Codecs | Integer overflow |
| CVE-2026-5275 | High | ANGLE | Heap buffer overflow |
| CVE-2026-5276 | High | WebUSB | Insufficient policy enforcement |
| CVE-2026-5277 | High | ANGLE | Integer overflow |
| CVE-2026-5278 | High | Web MIDI | Use after free |
| CVE-2026-5279 | High | V8 | Object corruption |
| CVE-2026-5280 | High | WebCodecs | Use after free |
| CVE-2026-5281 | High | Dawn | Use after free (Zero-Day) |
| CVE-2026-5282 | High | WebCodecs | Out of bounds read |
| CVE-2026-5283 | High | ANGLE | Inappropriate implementation |
| CVE-2026-5284 | High | Dawn | Use after free |
| CVE-2026-5285 | High | WebGL | Use after free |
| CVE-2026-5286 | High | Dawn | Use after free |
| CVE-2026-5287 | High | Use after free | |
| CVE-2026-5288 | High | WebView | Use after free |
| CVE-2026-5289 | High | Navigation | Use after free |
| CVE-2026-5290 | High | Compositing | Use after free |
| CVE-2026-5291 | Medium | WebGL | Inappropriate implementation |
| CVE-2026-5292 | Medium | WebCodecs | Out of bounds read |
Security teams and enterprise administrators should prioritize deploying this patch across all Chrome-based environments immediately to block remote code execution attempts.
The browser will automatically apply the update upon a simple restart, effectively closing the exploitation window for attackers.
Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google
The post New Chrome Zero-Day Vulnerability Under Active Exploitation – Patch Now appeared first on Cyber Security News.
Discover more from RSS Feeds Cloud
Subscribe to get the latest posts sent to your email.