Google has released Chrome version 146, an update that resolves 21 security vulnerabilities, notably addressing a zero-day exploit actively used in cyber threats. This update reinforces the browser’s security and is crucial for users worldwide.
Critical Vulnerability Addressed
Among the patched vulnerabilities is CVE-2026-5281, identified as a use-after-free flaw in Chrome’s graphics processing layer, Dawn. Google confirmed the existence of an exploit for this vulnerability in real-world scenarios, posing significant security risks.
Although Google has not disclosed details about the attacks leveraging CVE-2026-5281, such vulnerabilities typically enable sandbox escapes or arbitrary code execution, which can severely compromise user security.
Recognition for Reporting
An anonymous researcher has been credited for discovering this zero-day flaw. This same individual also identified another high-severity use-after-free issue within Dawn, labeled CVE-2026-5284, which currently shows no signs of exploitation.
This marks the fourth zero-day vulnerability in Chrome addressed by Google this year, following the fixes of CVE-2026-2441, CVE-2026-3909, and CVE-2026-3910. These efforts highlight the continuous threats faced by modern browsers and the importance of timely updates.
Ongoing Security Enhancements
All 21 vulnerabilities addressed in this update were reported in March. Google has yet to finalize the bug bounty rewards for the researchers who contributed to these findings. This initiative underscores the company’s commitment to cybersecurity and transparency.
Google continues to emphasize the importance of regular updates, aiming to enhance security further with a planned two-week release schedule for Chrome. This proactive approach is essential in maintaining robust defenses against emerging cyber threats.
As the company works towards implementing quantum-safe HTTPS certificates, users are encouraged to keep their browsers updated to benefit from the latest security measures.
