← back
CVE-2026-5281

CVE-2026-5281

CVSS 8.8 HIGHEPSS 5.0%● KEVCWE-416
In short

A use-after-free vulnerability in Chrome's graphics library (Dawn) allows an attacker who has already compromised the browser's renderer process to execute arbitrary code by serving a specially crafted webpage. This means if your browser is already partially compromised, an attacker could take full control of your computer.

Technical detail

Use-after-free vulnerability in Dawn (Chromium graphics layer) exploitable via crafted HTML in renderer process context. Requires prior renderer compromise (CWE-416: Use After Free). Impacts confidentiality, integrity, and availability through arbitrary code execution with renderer privileges.

Summary generated and translated by AI from the official description.
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Google · Chrome
public PoCs found1
githubgithub.com/jaf0rk/CVE-2026-52810
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.htmlhttps://issues.chromium.org/issues/491518608https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-5281