Changeflow GovPing Data Privacy & Cybersecurity Zero-Day Chrome Vulnerability - Immediate Updat...
Urgent Notice Added Final

Zero-Day Chrome Vulnerability - Immediate Update Required

Favicon for www.csa.gov.sg CSA Alerts & Advisories (Singapore)
Published April 2nd, 2026
Detected April 2nd, 2026
Email

Summary

The Cyber Security Agency of Singapore issued an urgent alert regarding CVE-2026-5281, a use-after-free zero-day vulnerability in Google Chrome's Dawn WebGPU implementation. The vulnerability affects Chrome versions prior to 146.0.7680.177/178 on Windows and Mac, and 146.0.7680.177 on Linux, and is reportedly being actively exploited in the wild.

View original document View source feed page

What changed

Google released security updates addressing a critical use-after-free vulnerability (CVE-2026-5281) in Chrome's Dawn WebGPU implementation. Successful exploitation allows remote attackers with compromised renderer processes to execute arbitrary code via crafted HTML pages. The vulnerability affects all major desktop platforms (Windows, Mac, Linux).\n\nChrome users must immediately update to version 146.0.7680.177/178 (Windows/Mac) or 146.0.7680.177 (Linux). Users should enable automatic updates and monitor for patches for other Chromium-based browsers (Microsoft Edge, Brave, Opera, Vivaldi). While no formal compliance deadline is specified, the active exploitation status demands immediate action.

What to do next

  1. Update Chrome immediately to version 146.0.7680.177/178 or later
  2. Enable automatic updates in Chrome browser settings
  3. Monitor and apply patches for Chromium-based browsers (Edge, Brave, Opera, Vivaldi) when released

Source document (simplified)

Alerts

Active Exploitation of Zero-Day Vulnerability in Google Chrome

2 April 2026

Google has released security updates addressing a zero-day vulnerability in its Chrome browser. Users of Chrome browsers are advised to update to the latest version immediately.

Background

Google has released security updates addressing a zero-day vulnerability (CVE-2026-5281) in its Chrome browser.

Impact

Successful exploitation of the use-after-free vulnerability in Google Chrome’s Dawn WebGPU implementation could allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.

Known Exploitation

This vulnerability is reportedly being exploited in the wild.

Affected Products

This vulnerability affects versions of Google Chrome prior to 146.0.7680.177/178 for Windows and MAC, and 146.0.7680.177 for Linux.

Recommendations

Users of Chrome browsers are advised to update their browser to the latest version. Users are also encouraged to enable automatic updates in their Chrome browser to ensure that their software is updated promptly.

Users of other Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi, are also advised to apply the fixes as soon as they become available.

References

https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html

https://nvd.nist.gov/vuln/detail/CVE-2026-5281

https://thehackernews.com/2026/04/new-chrome-zero-day-cve-2026-5281-under.html

Back to top

Related changes

Favicon for www.csa.gov.sg Critical Axios Supply Chain Compromise via npm
Urgent Apr 01, 2026 CSA Alerts & Advisories (Singapore) Data Privacy & Cybersecurity
Favicon for www.csa.gov.sg TeamPCP Supply-Chain Campaign Targets Open-Source Projects with Malware
Priority review Mar 27, 2026 CSA Alerts & Advisories (Singapore) Data Privacy & Cybersecurity
Favicon for www.csa.gov.sg Critical Vulnerability in TP-Link Archer Products
Urgent Mar 26, 2026 CSA Alerts & Advisories (Singapore) Data Privacy & Cybersecurity
Favicon for wid.cert-bund.de pfSense Remote Code Execution Vulnerabilities
Priority review Apr 02, 2026 CERT-Bund Security Advisories Data Privacy & Cybersecurity
Favicon for wid.cert-bund.de HCL BigFix Platform Multiple Vulnerabilities
Priority review Apr 02, 2026 CERT-Bund Security Advisories Data Privacy & Cybersecurity
Favicon for wid.cert-bund.de VertiGIS FM Critical Vulnerability - Remote Code Execution and XSS
Urgent Apr 02, 2026 CERT-Bund Security Advisories Data Privacy & Cybersecurity

Source

Favicon for www.csa.gov.sg
CSA Alerts & Advisories (Singapore) csa.gov.sg/alerts-advisories
Data Privacy & Cybersecurity
Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
CSA
Published
April 2nd, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Minor

Who this affects

Applies to
Consumers Technology companies Government agencies
Industry sector
3341 Computer & Electronics Manufacturing 5112 Software & Technology
Activity scope
Software Security Patch Management
Geographic scope
Singapore SG

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Compliance frameworks
NIST CSF
Topics
Data Privacy Technology

Browse Categories

Agriculture & Food Safety 63 AI Regulation 3 Banking & Finance 266 Consumer & Competition 1 Consumer Protection 44 Courts & Legal 358 Data Privacy & Cybersecurity 74 Defense & National Security 52 Education 20 Energy 107 Environment 85 Government & Legislation 274 Healthcare 135 Housing 16 Immigration 9 Insurance 58 Labor & Employment 113 Legal & Courts 1 medical-board 1 Pharma & Drug Safety 103 Securities & Markets 104 Tax 65 Tax & Revenue 1 Telecom & Technology 47 Trade & Sanctions 124 Transportation 57

Get Data Privacy & Cybersecurity alerts

Weekly digest. AI-summarized, no noise.

Free. Unsubscribe anytime.

Get alerts for this source

We'll email you when CSA Alerts & Advisories (Singapore) publishes new changes.

Optional. Personalizes your daily digest.

Free. Unsubscribe anytime.