Google recently launched security patches for Chrome to fix 21 different security issues, including a critical zero-day vulnerability that is already being used by attackers. This specific flaw affects the Dawn component of the browser and could allow hackers to run unauthorized code on a user's computer through a malicious website.
The most pressing issue in this update is a use-after-free vulnerability identified as CVE-2026-5281, which resides in the open-source Dawn engine used for WebGPU graphics. By exploiting this bug, a remote attacker who has already gained some level of control over the browser's rendering process could potentially execute arbitrary commands. Google has confirmed that they are aware of active exploits for this specific weakness occurring in the wild.
In line with their standard security protocols, Google has withheld technical specifics regarding how the flaw is being leveraged or which groups are responsible for the attacks. This intentional lack of detail aims to give the general public enough time to update their software before other malicious actors can figure out how to replicate the exploit. By the time the full details are released, the goal is for the majority of the user base to be protected by the new patch.
This latest security incident follows a busy start to the year for Google, marking the fourth zero-day vulnerability they have had to address in 2026. Just recently, the company patched two other high-severity flaws that were also being actively exploited, as well as a previous bug found in the CSS component in February. The frequency of these discoveries highlights the ongoing efforts of attackers to find and weaponize weaknesses in the world’s most popular web browser.
To stay safe from these threats, users should immediately update Chrome to version 146.0.7680.177 or higher depending on their operating system. This update is accessible through the browser’s help menu, where a relaunch will finalize the installation of the security fixes. Furthermore, people using other browsers built on the Chromium engine, such as Microsoft Edge or Brave, should look for and apply similar updates as they are released by those respective companies.
Source: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html