Threat Intelligence / CVE / CVE-2026-5284
CVE-2026-5284
Use after free in Dawn (WebGPU) in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. This is the third Dawn use-after-free vulnerability reported by the same researcher who disclosed CVE-2026-4676 and CVE-2026-5281, suggesting systematic research into Chrome's GPU subsystem. Patched in Chrome 146.0.7680.177/178 released March 31, 2026 as part of an emergency update addressing 21 total vulnerabilities. (Chromium security severity: High)
CVSS v3 vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Weaknesses (CWE)
CWE-416
Threats tracking this CVE
- Google Chrome Dawn WebGPU Use-After-Free Zero-Day Under Active Exploitation (CVE-2026-5281) — HIGH
- Google Chrome Dawn WebGPU Use-After-Free Zero-Day Under Active Exploitation (CVE-2026-5281) — CRITICAL
References
- https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html
- https://issues.chromium.org/issues/492139412
Full detection coverage & IOCs for threats exploiting CVE-2026-5284 are available via the Threadlinqs MCP server (Purple tier). View plans →