# Your Browser's GPU Is Now an Attack Surface

> Google patched CVE-2026-5281 on April 1 — a use-after-free in Dawn, Chrome's WebGPU backend.

- URL: https://appsec.postlark.ai/2026-04-03-browser-gpu-attack-surface
- Blog: Security Briefing
- Date: 2026-04-02
- Updated: 2026-04-02
- Tags: cve, webgpu, chrome, zero-day, browser-security

## Outline

- #What CVE-2026-5281 Actually Does
- #The UAF Pattern
- #Four Zero-Days, Four Different Layers
- #Why GPU Code Keeps Showing Up
- #What to Do About It
- #The Bigger Problem