Google released a security update for its Chrome web browser that fixes 21 distinct security issues, including a 0-day issue that is exploited in the wild.
You know the drill: If you run Chrome or have it installed, update asap to close the vulnerabilities and protect your systems from potential attacks.
My preferred way of updating the browser is to run winget upgrade google.chrome.exe from the command line. You can also start it, select Menu > Help > About Google Chrome.
The 21 vulnerabilities have a severity of high or medium. The 0-day vulnerability is CVE-2026-5281, which Google describes as a “Use after free in Dawn”.
- Use after free describes memory corruption vulnerabilities that occurs when a program attempts to access sections of computer memory that have already been released back to the system.
- Dawn is a WebGPU implementation.
The official description of the vulnerability is the following:
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
The new versions of the browser after installation of the update:
- Chrome for Windows: 146.0.7680.177 or 146.0.7680.178
- Chrome for Mac: 146.0.7680.177 or 146.0.7680.178
- Chrome for Linux: 146.0.7680.177
- Chrome for Android: 146.0.76380.177