Exploited Zero-Day Among 21 Vulnerabilities Patched in Chrome

Google has announced a Chrome 146 update that patches 21 vulnerabilities, including a zero-day that has been exploited in the wild.

According to an advisory from Google, the latest browser update fixes 19 high-severity and 2 medium-severity issues.

The exploited vulnerability is tracked as CVE-2026-5281, and it has been described as a use-after-free issue in Dawn, Chrome’s graphics layer.

“Google is aware that an exploit for CVE-2026-5281 exists in the wild,” Google said.

Google has not shared information on the attacks exploiting CVE-2026-5281. However, these types of vulnerabilities are often exploited for sandbox escapes or arbitrary code execution.

The company has credited an anonymous researcher for reporting the zero-day. The same researcher has also been credited for a different high-severity use-after-free issue in Dawn, but that flaw, tracked as CVE-2026-5284, does not appear to have been exploited in the wild.

This is the fourth Chrome zero-day patched this year ...