critical

Exploited Zero-Day Among 21 Vulnerabilities Patched in Chrome

April 1, 2026·SecurityWeek·Threat Intel
zero-daychromevulnerabilitybrowser-securitydawngoogle

Chrome Zero-Day CVE-2026-5281 Exploited in the Wild: Dawn Component Under Attack

TL;DR: Google patched CVE-2026-5281, an actively exploited zero-day vulnerability in Chrome's Dawn component, along with 20 other security flaws. The zero-day has been confirmed as exploited in real-world attacks, making immediate patching critical for all Chrome users.

What Happened

According to SecurityWeek, Google released a Chrome security update addressing 21 vulnerabilities, with the most critical being CVE-2026-5281—a zero-day vulnerability affecting Chrome's Dawn component that has been actively exploited by attackers. The company confirmed the zero-day exploitation but has not disclosed technical details about the attacks or the threat actors involved, following their standard responsible disclosure practices.

The patch was released as part of Google's regular security update cycle, though the presence of an actively exploited zero-day likely accelerated the timeline for public release.

Technical Analysis

CVE-2026-5281 targets Chrome's Dawn component, which is Google's implementation of the WebGPU API (Web Graphics Processing Unit). WebGPU is a modern web standard that allows web applications to access GPU functionality for high-performance graphics rendering and compute operations directly from the browser.

Dawn serves as the native implementation layer that translates WebGPU calls to platform-specific graphics APIs like Vulkan, Metal, and Direct3D. Given this critical role in GPU access, vulnerabilities in Dawn could potentially allow attackers to:


The fact that this vulnerability has been actively exploited suggests it's likely being used as part of a broader attack chain, possibly combined with other techniques to achieve full system compromise.

Impact & Who's Affected

This zero-day affects all Chrome users across Windows, macOS, Linux, and ChromeOS platforms. The vulnerability is particularly concerning because:


The 20 additional vulnerabilities patched alongside the zero-day also present security risks, though Google has not indicated these are being actively exploited.

What You Should Do

Immediate Actions:
1. Update Chrome immediately to version 124.0.6367.60 or later
2. Restart your browser completely to ensure the update takes effect
3. Enable automatic updates if not already configured
4. Check your Chrome version by navigating to chrome://settings/help

For IT Administrators:


For Organizations:

The Bigger Picture

This zero-day highlights the expanding attack surface as browsers increasingly support advanced graphics and compute capabilities. WebGPU represents a significant leap in browser functionality, but also introduces new security challenges that defenders must understand.

The targeting of Dawn specifically suggests attackers are becoming more sophisticated in identifying and exploiting modern web platform components. This trend aligns with the broader evolution of browser-based attacks, where threat actors are moving beyond traditional JavaScript-based exploits to target lower-level browser components.

For the cybersecurity community, this incident reinforces the critical importance of rapid patch deployment and the need for organizations to have robust browser update management processes. With browsers becoming increasingly complex platforms that bridge web content and system resources, zero-day vulnerabilities in browser components will likely remain a high-priority target for advanced threat actors.

The silver lining is Google's quick response and transparent communication about the active exploitation, demonstrating mature vulnerability disclosure practices that help defenders respond effectively.

← All Threat IntelSource: SecurityWeek