Threat Intelligence / CVE / CVE-2026-5286
CVE-2026-5286
Use after free in Dawn (WebGPU) in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Patched alongside CVE-2026-5281 and CVE-2026-5284 in Chrome 146.0.7680.177/178 released March 31, 2026 as part of an emergency update addressing 21 total vulnerabilities across WebGL, WebCodecs, CSS, ANGLE, WebUSB, Web MIDI, V8, PDF handling, Navigation, and Compositing components. All Chromium-based browsers including Microsoft Edge, Brave, Opera, and Vivaldi are affected until upstream fixes are incorporated. (Chromium security severity: High)
CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Weaknesses (CWE)
CWE-416
Threats tracking this CVE
- Google Chrome Dawn WebGPU Use-After-Free Zero-Day Under Active Exploitation (CVE-2026-5281) — HIGH
- Google Chrome Dawn WebGPU Use-After-Free Zero-Day Under Active Exploitation (CVE-2026-5281) — CRITICAL
References
- https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html
- https://issues.chromium.org/issues/493900619
Full detection coverage & IOCs for threats exploiting CVE-2026-5286 are available via the Threadlinqs MCP server (Purple tier). View plans →