• Home
  • cyber
  • Google: New Chrome Zero-Day Vulnerability Actively Exploited in Attacks — Patch Now
cyber Vulnerability

Google: New Chrome Zero-Day Vulnerability Actively Exploited in Attacks — Patch Now

Mar 10, 2026 2 min read
Google: New Chrome Zero-Day Vulnerability Actively Exploited in Attacks — Patch Now

Google Patches Actively Exploited Zero-Day in Chrome Browser

Google has released an emergency security update for Chrome, addressing a zero-day vulnerability (CVE-2026-5281) under active exploitation. The flaw, a use-after-free bug in Chrome’s Dawn GPU abstraction layer (used for WebGPU), could allow attackers to execute arbitrary code or escape the browser sandbox. The update version 146.0.7680.177/178 for Windows and Mac, and 146.0.7680.177 for Linux is rolling out globally over the coming days and weeks.

Google confirmed the exploit’s existence in the wild, with the vulnerability reported by an anonymous researcher on March 10, 2026. Technical details remain restricted to prevent further exploitation until most users receive the patch.

In addition to the zero-day, the update fixes 21 security vulnerabilities, including 19 high-severity flaws across Chrome’s subsystems. Notable patches address:

  • Use-after-free bugs in CSS, WebGL, WebCodecs, Web MIDI, WebView, Navigation, and Compositing.
  • Heap buffer overflows in GPU and ANGLE.
  • Integer overflow in Codecs.
  • Insufficient policy enforcement in WebUSB.
  • Object corruption in V8.

Three of the high-severity patches were discovered by Google’s internal security teams, indicating proactive threat hunting. The concentration of use-after-free vulnerabilities highlights persistent memory safety challenges in browser rendering pipelines.

All Chrome users on versions prior to 146.0.7680.177/178 are at risk, with enterprise security teams urged to prioritize the update due to confirmed exploitation of CVE-2026-5281. The patch can be applied via Chrome’s built-in updater or deployed through endpoint management platforms.

Source: https://cybersecuritynews.com/chrome-zero-day-vulnerability-exploited/

Google cybersecurity rating report: https://www.rankiteo.com/company/google

"id": "GOO1775053870",
"linkid": "google",
"type": "Vulnerability",
"date": "3/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'All Chrome users on versions '
                                              'prior to 146.0.7680.177/178',
                        'industry': 'Technology',
                        'location': 'Global',
                        'name': 'Google Chrome',
                        'type': 'Software'}],
 'attack_vector': 'Browser Exploitation',
 'customer_advisories': 'All Chrome users advised to update to version '
                        '146.0.7680.177/178 immediately.',
 'date_detected': '2026-03-10',
 'description': 'Google has released an emergency security update for Chrome, '
                'addressing a zero-day vulnerability (CVE-2026-5281) under '
                'active exploitation. The flaw, a use-after-free bug in '
                'Chrome’s Dawn GPU abstraction layer (used for WebGPU), could '
                'allow attackers to execute arbitrary code or escape the '
                'browser sandbox. The update also fixes 21 additional security '
                'vulnerabilities, including 19 high-severity flaws.',
 'impact': {'operational_impact': 'Potential arbitrary code execution or '
                                  'sandbox escape',
            'systems_affected': 'Chrome Browser (versions prior to '
                                '146.0.7680.177/178)'},
 'investigation_status': 'Ongoing (technical details restricted to prevent '
                         'further exploitation)',
 'lessons_learned': 'Persistent memory safety challenges in browser rendering '
                    'pipelines, particularly use-after-free vulnerabilities.',
 'post_incident_analysis': {'corrective_actions': 'Patch released to address '
                                                  'CVE-2026-5281 and 21 '
                                                  'additional vulnerabilities.',
                            'root_causes': 'Use-after-free vulnerability in '
                                           'Chrome’s Dawn GPU abstraction '
                                           'layer (WebGPU).'},
 'recommendations': 'Prioritize patch deployment for Chrome users, especially '
                    'in enterprise environments. Monitor for further '
                    'exploitation attempts.',
 'references': [{'source': 'Google Security Blog'}],
 'response': {'communication_strategy': 'Public disclosure of vulnerability '
                                        'and patch availability',
              'containment_measures': 'Emergency security update released '
                                      '(version 146.0.7680.177/178)',
              'remediation_measures': 'Patch deployment via Chrome’s built-in '
                                      'updater or endpoint management '
                                      'platforms'},
 'stakeholder_advisories': 'Enterprise security teams urged to prioritize the '
                           'update due to confirmed exploitation of '
                           'CVE-2026-5281.',
 'title': 'Google Patches Actively Exploited Zero-Day in Chrome Browser',
 'type': 'Zero-Day Exploitation',
 'vulnerability_exploited': 'CVE-2026-5281 (Use-after-free in Dawn GPU '
                            'abstraction layer)'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.