Google has issued a new alert for its Chrome browser following a major security update, after confirming that a high-severity zero-day vulnerability, tracked as CVE-2026-5281, is being actively exploited in the wild.
The vulnerability threatens the world’s 3.5 billion Chrome users, as per Forbes.
The Alphabet-owned Google has already started distributing the latest security update to fix this high-severity flaw, along with 20 other vulnerabilities.
The update launch is likely to be launched in several days or may even take weeks ahead of reaching all Chrome users.
Meanwhile, users who urgently need protection are required to manually update their browser to apply the patch without waiting.
About CVE-2026-5281 zero-day
Zero-day vulnerabilities in Chrome are rapidly increasing. The latest flaw marks the fourth such vulnerability patched by Google in the ongoing year alone, highlighting increasing security concerns.
CVE-2026-5281 is a “use-after-free” memory vulnerability affecting Chrome’s Dawn WebGPU component.
If exploited, it could let attackers execute malicious code via specially crafted web pages, potentially leading to data corruption or browser crashes.
While considering the gravity of the issue, the US Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities catalogue, urging organisations to update systems immediately.
Experts recommended users not to wait for automatic updates and rather manually check for updates via Chrome settings to ensure protection against this and other recently patched flaws.
