
Chrome 146's Dawn use-after-free is the fourth Chrome zero-day exploited in the wild in 2026

Ikesan

On March 31, 2026, Google released an emergency Chrome security update. It fixed 21 issues, and one of them, CVE-2026-5281, had already been confirmed as an in-the-wild exploit. That makes it the fourth Chrome zero-day patch of 2026.

CVE-2026-5281 Overview

The bug is a use-after-free in Dawn, a cross-platform open-source WebGPU implementation. Chrome uses Dawn as the graphics abstraction layer that powers the WebGPU API.

The CVSS score is still N/A, but Google classifies it as High severity.

The researcher is anonymous and goes by the hash-like string 86ac1f1587b71893ed2ad792cd7dde32. The same researcher also reported CVE-2026-5284, another Dawn UAF fixed in this patch cycle, and found CVE-2026-4675 and CVE-2026-4676 in the March Chrome update, so they have uncovered multiple Dawn bugs in 2026 alone.

Google said it “is aware that an exploit for CVE-2026-5281 exists in the wild” and, as usual, is restricting bug details and links until most users have patched. Google has not disclosed the exact attack technique or the threat group behind it.

What Dawn Is

Dawn sits at the center of Chrome’s WebGPU stack.

WebGPU is a low-level Web API for controlling the GPU from the browser. It enables GPU-based ML inference, real-time 3D rendering, data visualization, and image processing directly in the browser.

Dawn implements WebGPU for Chrome. When an application calls the WebGPU API, Dawn translates that into native graphics APIs for the underlying OS and hardware.

| Platform | Native API |
|---|---|
| Windows | Direct3D 12 (D3D12) / D3D11 |
| macOS / iOS | Metal |
| Linux / Android | Vulkan |
| Fallback | OpenGL |

The same WebGPU code becomes D3D12 commands on Windows and Metal commands on macOS. Developers do not have to think about platform differences.

Dawn’s Process Boundary in Chrome

Chrome separates processes to build its sandbox. Dawn is split into two pieces inside that architecture.

```mermaid
graph TD
    A[Web page<br/>Renderer process] -->|WebGPU API call| B[Dawn Wire Client<br/>inside renderer process]
    B -->|IPC command| C[Dawn Wire Server<br/>inside GPU process]
    C -->|native API call| D[Dawn native object<br/>inside GPU process]
    D -->|D3D12 / Metal / Vulkan| E[GPU driver / hardware]
```

The Dawn Wire Client in the renderer process manages reference counts and sends create/destroy IPC commands to the GPU process. The Dawn Wire Server in the GPU process holds the actual native objects.

This design keeps direct GPU driver access isolated in the GPU process, but the IPC boundary between renderer and GPU introduces complex state management. The use-after-free happened in that gap.

How the Use-After-Free Works

A use-after-free (UAF) happens when a pointer keeps referring to memory that has already been freed.

```mermaid
graph TD
    A[Allocate object on heap<br/>address 0x1234] --> B[Store pointer to object<br/>in pointer A]
    B --> C[Free object<br/>free 0x1234]
    C --> D[Pointer A still points to 0x1234<br/>dangling pointer]
    D --> E[Heap gets reused for another object<br/>at 0x1234]
    E --> F[Attacker accesses 0x1234<br/>through pointer A]
    F --> G[Read/write another object's memory<br/>type confusion / code execution]
```

The rough exploitation flow looks like this:

  1. The attacker prepares a crafted HTML page that triggers a specific WebGPU operation sequence.
  2. When the browser opens the page, Dawn’s WebGPU object management code runs.
  3. A particular order of operations leaves a dangling pointer behind after the object has been freed.
  4. The attacker performs heap grooming so the freed region is reused in a controlled way.
  5. Accessing that region through the dangling pointer triggers type confusion and enables memory read/write beyond the original permissions.
  6. At that point, arbitrary code execution in the renderer process is possible.

For CVE-2026-5281, Google notes that a compromised renderer process is a prerequisite. The CVE alone is limited to renderer-level exploitation, but in practice it is often chained with a separate renderer bug.
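To make the dangling-pointer sequence in the diagram and the Wire Client/Server split concrete, here is an added C model (not Dawn's code, and not the CVE-2026-5281 bug itself): a fixed slab stands in for the GPU-process heap, a raw pointer for a stale client-side reference, and a generation-checked handle for the hardened form. All names and values are hypothetical.

```c
/* Added illustration (not Dawn's code and not the CVE-2026-5281 bug): a fixed
 * slab stands in for the GPU-process heap, a raw pointer for a stale client-side
 * reference, and a generation-checked handle for the hardened form. Hypothetical names. */
#include <stdint.h>
#include <stddef.h>
#define SLOTS 4
typedef struct { uint32_t kind; uint32_t payload; } Object;
typedef struct { Object obj; int in_use; uint32_t generation; } Slot;
static Slot slab[SLOTS];

/* Allocate the first free slot, like a freelist handing back the last freed chunk. */
static int slot_alloc(uint32_t kind, uint32_t payload) {
    for (int i = 0; i < SLOTS; i++) {
        if (!slab[i].in_use) {
            slab[i].in_use = 1;
            slab[i].obj.kind = kind;
            slab[i].obj.payload = payload;
            return i;
        }
    }
    return -1;
}
/* Free: mark the slot reusable and bump its generation (the hardening hook). */
static void slot_free(int i) { slab[i].in_use = 0; slab[i].generation++; }

/* Vulnerable pattern: the client keeps a raw pointer; the server frees and reuses the slot. */
uint32_t vulnerable_read_after_free(void) {
    int texture = slot_alloc(1 /* texture */, 0x1111);
    Object *dangling = &slab[texture].obj;   /* "pointer A" in the diagram */
    slot_free(texture);                       /* object freed, pointer not cleared */
    slot_alloc(2 /* buffer */, 0xBEEF);       /* slot reused for a different object type */
    return dangling->payload;                 /* reads the new object's data: 0xBEEF */
}

/* Hardened pattern: handle = (index, generation); lookup refuses a stale generation. */
typedef struct { int index; uint32_t generation; } Handle;
static Handle handle_for(int i) { Handle h = { i, slab[i].generation }; return h; }
static Object *lookup(Handle h) {
    if (h.index < 0 || h.index >= SLOTS || !slab[h.index].in_use) return NULL;
    if (slab[h.index].generation != h.generation) return NULL;
    return &slab[h.index].obj;
}
int hardened_rejects_stale_handle(void) {
    int texture = slot_alloc(1, 0x2222);
    Handle h = handle_for(texture);
    slot_free(texture);
    slot_alloc(2, 0xBEEF);        /* slot reused, but its generation has moved on */
    return lookup(h) == NULL;     /* 1: stale handle refused, new object untouched */
}
```

The vulnerable path returns the payload of the object that took over the slot, which is the type confusion step in the diagram; the generation check turns the same stale reference into a refused lookup.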

Patched Versions

The emergency update fixed the following builds:

| OS | Fixed version |
|---|---|
| Windows / macOS | 146.0.7680.177 or 146.0.7680.178 |
| Linux | 146.0.7680.177 |

You can check and install the update via Chrome menu -> Help -> About Google Chrome. A restart is required. Chromium-based Vivaldi has already released a patch, while Microsoft Edge and Brave were preparing theirs. Because Chromium browsers share the same rendering engine, you need to check the update status of each browser separately.

The 2026 Chrome Zero-Day Picture

With this patch, the number of Chrome zero-days confirmed in the wild in 2026 reached four.

| CVE | Component | Vulnerability type | CVSS | Patch time |
|---|---|---|---|---|
| CVE-2026-2441 | CSS/Blink | use-after-free | 8.8 | February 2026 |
| CVE-2026-3909 | Skia | out-of-bounds write | 8.8 | March 2026 |
| CVE-2026-3910 | V8 | inappropriate implementation | 8.8 | March 2026 |
| CVE-2026-5281 | Dawn | use-after-free | N/A (High) | March 31, 2026 |

As I explained in the March writeup on Skia and V8, the attack surface is spread across CSS, V8, Skia, Mojo, and now Dawn. Chromium’s codebase is enormous, and security review simply does not reach every layer evenly.

The particularly worrying part here is that Dawn has had this sort of bug before. The same researcher also reported CVE-2026-4676 in March, another Dawn UAF that could lead to sandbox escape. One researcher finding four Dawn CVEs in a short period is a pretty strong sign that the component’s memory management is fundamentally brittle.

Risk When Combined With DevTools MCP

As a side note, this is exactly the kind of composite risk I mentioned in the security analysis of Chrome DevTools MCP’s --autoConnect feature.

If a coding agent opens URLs autonomously through Chrome DevTools MCP, it will not notice in real time when one of those pages contains an exploit like this Dawn zero-day. If --autoConnect is using an already-authenticated session, the browser session with your credentials is also exposed.

Chrome zero-days usually stay dangerous long after the patch lands, because most users have not installed it yet. The emergency update still requires a manual visit to About Google Chrome or a browser restart to complete the background update.