Google has reportedly issued a security alert for Chrome users after confirming a new zero-day vulnerability that is already being exploited. According to a report by Forbes, the flaw, identified as CVE-2026-5281, affects the browser’s WebGPU component and could expose users to attacks. The report added that Google has started rolling out a fix, but the update may take days or weeks to reach all users globally.
What this vulnerability means
As per Forbes, the newly identified CVE-2026-5281 is a high-severity zero-day vulnerability, meaning attackers were able to exploit it before a patch became widely available. The flaw is described as a “use-after-free” memory issue in Chrome’s cross-platform Dawn WebGPU component.
If successfully exploited, the vulnerability could lead to data corruption or browser crashes. It may also allow attackers to execute arbitrary code through a specially crafted HTML page. Google has restricted detailed technical information for now, stating that access to such details may remain limited until a majority of users receive the fix.
The report also notes that this is the fourth zero-day vulnerability patched in Chrome so far this year, highlighting an increase compared to previous years.
Update rollout and what users can do
Google has begun rolling out a security update that addresses CVE-2026-5281 along with 20 additional vulnerabilities. However, as per Forbes, the update may not reach all users immediately due to the staged rollout process.
Users who want to install the update without waiting can manually check for it in Chrome settings. This can be done by opening the three-dot menu, navigating to “Help,” and selecting “About Google Chrome,” where the browser will automatically download and install any pending updates. Restarting the browser after installation will apply the fix.
