Google warns of another Chrome security flaw exploited by hackers
What's the story
Google has issued a security warning for its Chrome browser after confirming that hackers have exploited a vulnerability in the system, marking the second such advisory in days. The issue, dubbed CVE-2026-5281, is a zero-day exploit. This means it's an unknown software or hardware security flaw that the vendor (in this case, Google) has had "zero days" to patch before it was targeted by attackers.
Technical details
Flaw affects Dawn WebGPU component of Chrome
The CVE-2026-5281 flaw impacts the Dawn WebGPU component of Chrome. This component translates complex graphics instructions from websites into formats compatible with different devices, ensuring smooth rendering of advanced visuals and computations across platforms. If exploited by a cybercriminal, this vulnerability could be used to corrupt data, crash systems, and execute malicious code via a dummy HTML page.
Response measures
Google is rolling out a security update
Google is rolling out a security update to fix this vulnerability, along with 20 other issues. However, the rollout process could take weeks, during which users' systems could be at risk. To mitigate this threat, Chrome users are advised to manually check for updates by going to the three-dot menu > Help > About Google Chrome and restarting their browser after any pending updates are installed.
Past incidents
Previous zero-day vulnerabilities in Chrome
Notably, this isn't the first time Google has dealt with zero-day exploits in Chrome. On March 13, 2026, the tech giant released emergency security updates after discovering that two high-severity vulnerabilities were being actively exploited by hackers. These flaws, identified as CVE-2026-3909 and CVE-2026-3910, posed a risk to organizational data integrity and system availability.