Changeflow GovPing Data Privacy & Cybersecurity Zero-Day Chrome Vulnerability - Immediate Updat...
Urgent Notice Added Final

Zero-Day Chrome Vulnerability - Immediate Update Required

Favicon for www.csa.gov.sg CSA Alerts & Advisories (Singapore)
Published
Detected
Email

Summary

The Cyber Security Agency of Singapore issued an urgent alert regarding CVE-2026-5281, a use-after-free zero-day vulnerability in Google Chrome's Dawn WebGPU implementation. The vulnerability affects Chrome versions prior to 146.0.7680.177/178 on Windows and Mac, and 146.0.7680.177 on Linux, and is reportedly being actively exploited in the wild.

View original document View source feed page

What changed

Google released security updates addressing a critical use-after-free vulnerability (CVE-2026-5281) in Chrome's Dawn WebGPU implementation. Successful exploitation allows remote attackers with compromised renderer processes to execute arbitrary code via crafted HTML pages. The vulnerability affects all major desktop platforms (Windows, Mac, Linux).\n\nChrome users must immediately update to version 146.0.7680.177/178 (Windows/Mac) or 146.0.7680.177 (Linux). Users should enable automatic updates and monitor for patches for other Chromium-based browsers (Microsoft Edge, Brave, Opera, Vivaldi). While no formal compliance deadline is specified, the active exploitation status demands immediate action.

What to do next

  1. Update Chrome immediately to version 146.0.7680.177/178 or later
  2. Enable automatic updates in Chrome browser settings
  3. Monitor and apply patches for Chromium-based browsers (Edge, Brave, Opera, Vivaldi) when released

Archived snapshot

Apr 2, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.

Alerts

Active Exploitation of Zero-Day Vulnerability in Google Chrome

2 April 2026

Google has released security updates addressing a zero-day vulnerability in its Chrome browser. Users of Chrome browsers are advised to update to the latest version immediately.

Background

Google has released security updates addressing a zero-day vulnerability (CVE-2026-5281) in its Chrome browser.

Impact

Successful exploitation of the use-after-free vulnerability in Google Chrome’s Dawn WebGPU implementation could allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.

Known Exploitation

This vulnerability is reportedly being exploited in the wild.

Affected Products

This vulnerability affects versions of Google Chrome prior to 146.0.7680.177/178 for Windows and MAC, and 146.0.7680.177 for Linux.

Recommendations

Users of Chrome browsers are advised to update their browser to the latest version. Users are also encouraged to enable automatic updates in their Chrome browser to ensure that their software is updated promptly.

Users of other Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi, are also advised to apply the fixes as soon as they become available.

References

https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html

https://nvd.nist.gov/vuln/detail/CVE-2026-5281

https://thehackernews.com/2026/04/new-chrome-zero-day-cve-2026-5281-under.html

Back to top

Related changes

Favicon for www.csa.gov.sg SingCERT Security Bulletin: Critical Vulnerabilities Week of 8 April 2026
Priority review Apr 08, 2026 CSA Alerts & Advisories (Singapore) Data Privacy & Cybersecurity
Favicon for www.bcsc.bc.ca CSA Proposes Amendment to Insider Reporting Requirements for Structured Products
Priority review Apr 10, 2026 BCSC News Releases Banking & Finance
Favicon for lautorite.qc.ca CSA Publishes Proposed Amendment to Insider Reporting Requirements for Investment Funds and Structured Products
Priority review Apr 10, 2026 AMF Quebec News Banking & Finance

Get daily alerts for CSA Alerts & Advisories (Singapore)

Daily digest delivered to your inbox.

Free. Unsubscribe anytime.

Source

Favicon for www.csa.gov.sg
CSA Alerts & Advisories (Singapore) csa.gov.sg/alerts-advisories
Data Privacy & Cybersecurity

About this page

What is GovPing?

Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission

What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from CSA.

What's AI-generated?

The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.

Last updated

Press inquiries →

Classification

Agency
CSA
Published
April 2nd, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Minor

Who this affects

Applies to
Consumers Technology companies Government agencies
Industry sector
3341 Computer & Electronics Manufacturing 5112 Software & Technology
Activity scope
Software Security Patch Management
Geographic scope
Singapore SG

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Compliance frameworks
NIST CSF
Topics
Data Privacy Technology

Browse Categories

Agriculture & Food Safety 64 AI Regulation 3 Banking & Finance 292 Consumer Protection 44 Courts & Legal 362 Data Privacy & Cybersecurity 74 Defense & National Security 52 Education 19 Energy 101 Environment 86 Environmental Regulation 8 Financial Regulation 2 Government & Legislation 280 Healthcare 136 Housing 16 Immigration 8 Insurance 58 Labor & Employment 113 Pharma & Drug Safety 104 Public Health 3 Securities & Markets 104 Securities Regulation 9 Tax 66 Telecom & Technology 47 Trade & Sanctions 136 Transportation 57

Get alerts for this source

We'll email you when CSA Alerts & Advisories (Singapore) publishes new changes.

Free. Unsubscribe anytime.

You're subscribed!