Summary

Vulnerability Name: Use-After-Free Vulnerability in Dawn in Google Chrome (CVE-2026-5281)
Released on: April 02, 2026
Affected Component: Google Chrome
Affected Version:
  Google Chrome (Windows/macOS) < 146.0.7680.177/178
  Google Chrome (Linux) < 146.0.7680.177
Vulnerability Type: Use after free
Exploitation Condition:
  1. User authentication: not required.
  2. Precondition: default configurations.
  3. Trigger mode: remote.
Impact:
  Exploitation difficulty: easy. Attackers can exploit this vulnerability to execute arbitrary code without authorization.
  Severity: critical. This vulnerability may result in remote code execution.
Official Solution: Available

About the Vulnerability

Component Introduction

Google Chrome is a web browser developed by Google based on other open source software such as WebKit. It aims to enhance the browsing stability, speed, and security, and create a simple but efficient user interface.

Vulnerability Description

On April 02, 2026, Sangfor FarSight Labs received notification of the use-after-free vulnerability in Dawn in Google Chrome (CVE-2026-5281), classified as critical in threat level.

Specifically, Google Chrome's Dawn contains a use-after-free vulnerability. During the lifecycle management of graphics resources, the program fails to properly clear references to memory that has already been freed, and allows the freed memory to still be accessed and used. An attacker can trigger this vulnerability by crafting a malicious webpage. By exploiting this vulnerability together with other vulnerabilities, the attacker can bypass the browser sandbox and execute arbitrary code remotely on the target device. This vulnerability has been confirmed to be exploited in the wild.

Affected Versions

The following Google Chrome versions are affected:

Google Chrome (Windows/macOS) < 146.0.7680.177/178

Google Chrome (Linux) < 146.0.7680.177

Remediation Solutions

How to View the Google Chrome Version

  1. Open the Google Chrome browser, click the More icon in the upper-right corner, and choose Help > About Google Chrome.
  2. View the version information.
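
For checking many machines at once, the version comparison above can be scripted. The following is an added example, not part of the original advisory: it assumes an inventory exported as CSV with hypothetical columns host, platform and version, and it treats 146.0.7680.177 as the lowest fixed build on every platform (the advisory lists 177/178 for Windows/macOS and 177 for Linux).

```python
# Added example: flag hosts whose Chrome build predates the fix for CVE-2026-5281.
import csv
import io

# Lowest fixed build per the advisory. Assumption: .177 is treated as fixed on
# every platform (the advisory lists 177/178 for Windows/macOS, 177 for Linux).
FIXED = (146, 0, 7680, 177)


def parse_version(text):
    """Return a 4-tuple of ints for 'MAJOR.MINOR.BUILD.PATCH', or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(version_text):
    """Return 'affected', 'fixed' or 'unknown' for one version string."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # unparseable data needs manual review, not a pass
    # Tuple comparison is numeric per field; plain string comparison would
    # wrongly rank '146.0.7680.99' above '146.0.7680.177'.
    return "affected" if version < FIXED else "fixed"


def audit(inventory_csv):
    """Map host -> status for a CSV with columns host,platform,version."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row["version"]) for row in reader}


# Constructed sample inventory (hypothetical hosts and builds, not real data).
SAMPLE = """host,platform,version
ws-01,windows,146.0.7680.99
ws-02,windows,146.0.7680.178
mac-01,macos,146.0.7680.177
lnx-01,linux,145.0.7632.160
lnx-02,linux,146.0.7680
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as unknown have a truncated or non-numeric version string and should be checked by hand through Help > About Google Chrome.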

Official Solutions

The latest version has been officially released to fix the vulnerability. Affected users are advised to update Google Chrome to the latest version.

Download link: https://www.google.com/chrome/

Temporary Solutions

  • Disable unused functional modules to reduce attack entry points.
  • Follow the principle of least privilege to strictly control the scope of permissions for sensitive operations.
  • Do not expose services to the Internet unless necessary, to limit the access sources to trusted ranges.
  • Regularly update the system and components to secure versions so that known vulnerabilities can be patched at the earliest opportunity.

Timeline

On April 02, 2026, Sangfor FarSight Labs received notification of the use-after-free vulnerability in Dawn in Google Chrome (CVE-2026-5281).

On April 02, 2026, Sangfor FarSight Labs released a vulnerability alert.

Reference

https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html

Learn More

Sangfor FarSight Labs researches the latest cyber threats and unknown zero-day vulnerabilities, alerting customers to potential dangers to their organizations, and providing real-time solutions with actionable intelligence. Sangfor FarSight Labs works with other security vendors and the security community at large to identify and verify global cyber threats, providing fast and easy protection for customers.
