**Google** has issued a security update for Chrome to patch 21 vulnerabilities, including a zero-day that is currently being exploited. ### CVE-2026-5281: Use-After-Free in Dawn The vulnerability, **CVE-2026-5281** (CVSS score: N/A), is a use-after-free bug found in **Dawn**, an open-source implementation of the WebGPU standard. According to the **NIST**'s National Vulnerability Database (NVD), this flaw could allow a remote attacker who has compromised the renderer process to execute arbitrary code via a specially crafted HTML page. ### Active Exploitation **Google** has acknowledged that an exploit for **CVE-2026-5281** exists in the wild but has not provided specifics to prevent further exploitation before users can update. This is the fourth actively exploited Chrome zero-day patched since the beginning of the year. ### Previous Zero-Day Fixes This update follows recent patches for two high-severity flaws (**CVE-2026-3909** and **CVE-2026-3910**) and another use-after-free bug in Chrome's CSS component (**CVE-2026-2441**). ### Update Instructions Users should update their Chrome browser to versions 146.0.7680.177/178 for Windows and Apple macOS, and 146.0.7680.177 for Linux. To update, navigate to More > Help > About Google Chrome and select Relaunch. ### Chromium-Based Browsers Users of other Chromium-based browsers like **Microsoft Edge**, **Brave**, **Opera**, and **Vivaldi** should apply the fixes as soon as they are available.