ARTICLE AD BOX
New Delhi: Google has recently issued a latest security alert for its Chrome users after confirming a new zero-day vulnerability that is already being exploited. The flaw is identified as CVE-2026-5281, which affects the browser’s WebGPU component and could expose users to attacks. Google has started rolling out the fix, but the upgrade might take days or weeks to reach all of the users globally.
The newly identified CVE-2026-5281 is a high-severity zero-day vulnerability, which means attackers were able to exploit it before the patch became widely available. The flaw is described as a use-after-free memory issue in Chrome’s cross-platform Dawn WebGPU component.
If successfully exploited, the vulnerability could lead to data corruption or browser crashes. It also enables the attackers to execute arbitrary code through a specifically crafted HTML page. Google has also restricted detailed technical information now, by stating that access to such details might remain limited until the majority of users receive the fix.
This fourth zero-day vulnerability patched in Chrome so far this year is a notable increase compared to the previous years.
The company has begun to rolling out a security update that addresses CVE-2026-5281 alongside 20 additional vulnerabilities. The upgrade might not reach all of the users immediately due to the staged rollout process. The users who want to install the upgrade without waiting can manually check for it in Chrome settings.
This can be done by opening the three-dot menu by navigating to Help, and selecting About Google Chrome, where the browser will automatically download and install any pending upgrades. Restarting the browser after installation will apply the fix.
English (US) ·