CVE-2026-5281

CISA KEV

Published April 1, 2026 · Updated April 3, 2026

high

What This Means

**CVE-2026-5281: Use-After-Free in Google Dawn** Google Dawn contains a use-after-free vulnerability that allows an attacker with renderer process access to execute arbitrary code through a crafted HTML page. This affects Chrome, Edge, Opera, and other Chromium-based browsers. Patch immediately by updating to the latest browser version; block or sandbox untrusted HTML content in your environment until patching is complete.

Official Description+

Google Dawn contains an use-after-free vulnerability that could allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. This vulnerability could affect multiple Chromium-based products including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Affected Products

Vendor	Product
Google	Dawn

Patch Status

Patch by 2026-04-15

Recommended Actions

Check if your systems use any of the affected products listed above.
Apply vendor patches immediately if available.
This vulnerability is in CISA's Known Exploited Vulnerabilities catalog — prioritize remediation.
Monitor vendor advisories for updates and additional mitigations.
Review logs for indicators of compromise related to CVE-2026-5281.

Related Coverage

Vvulnerability

CVE-2026-5281: Use-After-Free in Google Dawn Enables Arbitrary Code Execution Across Chromium-Based Browsers

CVE-2026-5281 is a use-after-free vulnerability in Google Dawn, the WebGPU implementation embedded in Chrome, Edge, Opera, and all Chromium-based browsers. An attacker who has compromised the renderer process can exploit the flaw via a crafted HTML page to achieve arbitrary code execution in the GPU process. CISA requires federal agencies to patch by April 15, 2026; all organizations should update affected browsers immediately and audit Electron applications for exposure.

CISA KEV·2d ago·3 min read