CVE-2026-5281

HIGH KEV

Google Chrome < 146.0.7680.178 - Use After Free

Title source: rule

Description

Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Exploits (3)

github NO CODE 1 stars

by Hex0rc1st · pythonpoc

https://github.com/Hex0rc1st/CVE_POC_monitor/tree/main/article/uploads/demo_1775031131/【在野漏洞预警】Chrome浏览器沙箱逃逸漏洞（CVE-2026-5281）

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by TheMalwareGuardian · poc

https://github.com/TheMalwareGuardian/CVE-2026-5281

View Code ZIP pw:eip

nomisec WORKING POC

by umair-aziz025 · client-side

https://github.com/umair-aziz025/CVE-2026-5281-Research-Toolkit

View Code ZIP pw:eip

References (3)

https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html

https://issues.chromium.org/issues/491518608

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-5281

Scores

CVSS v3 8.8

EPSS 0.0080

EPSS Percentile 74.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2026-04-01

VulnCheck KEV 2026-03-31

ENISA EUVD EUVD-2026-17795

CWE

CWE-416

Status published

Products (2)

google/chrome < 146.0.7680.177

Google/Chrome 146.0.7680.178

Published Apr 01, 2026

KEV Added Apr 01, 2026

Tracked Since Apr 01, 2026