CVE-2026-5281

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 146.0.7680.178 Chromium-based browsers (Edge, Brave, Opera, Vivaldi) (affected versions not specified) iOS versions prior to 26

Description A use-after-free issue exists in Dawn, the WebGPU (Web Graphics Library Next) layer in Chromium. This flaw allows a remote attacker to execute arbitrary code within the renderer process via a specially crafted HTML page. Successful exploitation typically requires a prior compromise of the renderer process and user interaction. This issue has been actively exploited in the wild and is associated with the DarkSword exploit chain on iOS to achieve remote code execution, sandbox escape, and privilege escalation.

Recommendations Update to version 146.0.7680.178 or later. Apply vendor-specific security updates. Update to iOS 26 or apply the iOS 18 backported security updates. As a temporary workaround, consider disabling WebGPU or hardware acceleration and restricting access to untrusted web content.