Google patched CVE-2026-5281 on April 1 — a use-after-free in Dawn, Chrome's WebGPU backend. CISA added it to the Known Exploited Vulnerabilities catalog the same day, giving federal agencies until April 15 to patch. Active exploitation confirmed.
If this were just another Chrome UAF, it wouldn't deserve more than a "go update your browser" footnote. But CVE-2026-5281 is the fourth actively exploited Chrome zero-day this year, and the four bugs together paint a picture worth paying attention to.
What CVE-2026-5281 Actually Does
Dawn is Chromium's open-source implementation of WebGPU — the API that gives web pages near-native access to your GPU for rendering, compute shaders, and ML inference in the browser. The vulnerability sits in Dawn's buffer mapping logic: a race condition in the command queue management system where a reference to a GPU buffer persists after the underlying object has been deallocated.
In concrete terms: JavaScript submits work to the GPU through command buffers. Dawn allocates memory regions to track the asynchronous execution state of those tasks. Under specific timing conditions, the tracking memory gets freed while a stale pointer still references it. If an attacker can control what gets allocated into that freed slot, they own the control flow.
The bug requires prior renderer compromise to exploit — you can't trigger it cold from a webpage visit alone. That means it's part of an exploit chain: something else (a V8 bug, a DOM flaw, whatever initial vector) gets you into the renderer sandbox first, and then CVE-2026-5281 gets you out. A pseudonymous researcher who'd already reported two Dawn flaws patched in Chrome's March 23 update flagged this one too. Clearly someone spending serious time auditing this codebase.
The cross-platform reach makes it worse. Dawn translates WebGPU calls into platform-native graphics APIs — Direct3D 12 on Windows, Metal on macOS, Vulkan on Linux. The vulnerable code path exists in the shared abstraction layer above those backends, so every OS running Chromium is exposed. Update to Chrome 146.0.7680.177 (Linux) or 146.0.7680.178 (Windows/macOS).
The UAF Pattern
Use-after-free bugs follow a predictable lifecycle. Simplified:
1. allocate(buffer) → memory region assigned
2. use(buffer) → normal GPU operations
3. free(buffer) → memory returned to allocator
4. allocate(attacker_data) → freed slot reused with controlled content
5. use(buffer) → stale pointer reads attacker's dataStep 5 is where things break. The program thinks it's reading its own trusted state, but the attacker has replaced the contents of that memory region. In Dawn's case, the "trusted state" includes function pointers and execution metadata for GPU operations. Corrupt those, and you redirect control flow to arbitrary code — potentially escaping Chrome's sandbox entirely.
Four Zero-Days, Four Different Layers
Here's what's telling about 2026's Chrome zero-day roster so far:
| CVE | Component | Bug Class |
|---|---|---|
| CVE-2026-2441 | CSS handling | Memory corruption |
| CVE-2026-3909 | Skia (2D graphics) | Memory corruption |
| CVE-2026-3910 | V8 (JS/Wasm engine) | Type confusion |
| CVE-2026-5281 | Dawn (WebGPU) | Use-after-free |
CSS. Two-dimensional graphics. The JavaScript runtime. The GPU compute layer. Attackers aren't camping on one subsystem — they're systematically probing every major component of the browser stack. Each of those subsystems has its own memory management, its own concurrency model, its own assumptions about object lifetimes. Each one is a distinct attack surface.
Why GPU Code Keeps Showing Up
GPU-facing browser code has properties that make it a richer target than you might expect.
The concurrency problem. GPU work is inherently asynchronous. The CPU submits commands, the GPU executes them on its own timeline, and both sides need to agree on when resources are safe to free. That coordination is exactly where lifetime bugs hide. Memory safety is already hard in single-threaded code; add a second processor with its own execution model and you've created a category of bugs that static analysis mostly can't catch.
The maturity gap. V8 has been hardened through fifteen-plus years of security research, fuzzing campaigns, and bounty-funded audits. Dawn shipped with Chrome 113 in mid-2023. Three years of real-world attack surface exposure versus fifteen. The fuzzing coverage, the auditing depth, the collective security knowledge — none of it matches Chrome's older components yet. Attackers know where the newer seams are.
The privilege position. WebGPU exists to give web code closer-to-metal hardware access than WebGL offered. That's the entire value proposition — better performance through lower-level GPU operations. But closer to metal means a memory corruption bug carries more severe consequences. A UAF in DOM manipulation is bad. A UAF in GPU buffer management that can pivot through the graphics driver stack is meaningfully worse.
And here's the kicker: WebGPU adoption is accelerating. Browser-based ML inference, GPU-powered data visualization tools, WebGPU game engines — all of them exercise Dawn's code paths in increasingly diverse ways, which is exactly the kind of usage pattern that surfaces memory-lifecycle mistakes that simpler workloads never trigger.
What to Do About It
Patch. This is the obvious one. Chrome auto-updates, but enterprise-managed browsers and Chromium derivatives (Edge, Brave, Opera, Vivaldi) may lag. Google shipped the fix on April 1. Verify your fleet is actually running 146.0.7680.177+ — don't assume the update landed.
Restrict WebGPU where you don't need it. The Permissions-Policy: webgpu=() HTTP header disables WebGPU access for a page. If your internal web apps don't use GPU compute, set the header. This won't stop an attacker who already has renderer access through some other bug, but it removes one link from potential exploit chains. Defense in depth, not a silver bullet.
Audit your WebGPU exposure. A dashboard that renders your own data through WebGPU is low risk. A tool that processes user-uploaded 3D models or runs untrusted compute shaders is not. Know the difference in your environment.
Monitor Chromium-derivative patch timelines. If your org standardizes on a browser that isn't Chrome itself, track the gap between Google's patch date and your browser's actual release. Two days of lag is two days of known-exploited exposure.
The Bigger Problem
Four zero-days in four months, each hitting a different subsystem. The browser has absorbed so many responsibilities — GPU compute, WebAssembly execution, media codecs, Bluetooth, USB access, NFC — that its attack surface now resembles an operating system's. Unlike an actual OS, though, most organizations don't give their browser fleet the same security posture they'd give a server. Auto-update is on, so it's fine, right?
The gap between how we treat browsers and what browsers actually are — that's the real vulnerability here.