# CVE-2026-5286

> Use after free in Dawn (WebGPU) in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Patched alongside CVE-2026-5281 and CVE-2026-5284 in Chrome 146.0.7680.177/178 released March 31, 2026 as part of an emergency update addressing 21 total vulnerabilities across WebGL, WebCodecs, CSS, ANGLE, WebUSB, Web MIDI, V8, PDF handling, Navigation, and Compositing components. All Chromium-based browsers including Microsoft Edge, Brave, Opera, and Vivaldi are affected until upstream fixes are incorporated. (Chromium security severity: High)

- **CVSS:** 8.8 (HIGH)
- **EPSS:** 0.1%
- **CWE:** CWE-416

Canonical: https://intel.threadlinqs.com/cve/CVE-2026-5286
Full threat coverage + IOCs via the Threadlinqs MCP server (Purple tier): https://intel.threadlinqs.com/mcp