**Critical Chrome Zero-Day Added to CISA's Known Exploited Vulnerabilities Catalog**
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw in Google Dawn to its Known Exploited Vulnerabilities (KEV) catalog, highlighting the importance of prioritizing browser security updates. The vulnerability, tracked as CVE-2026-5281 with a CVSS score of 8.8, is a use-after-free bug that could allow remote attackers to execute arbitrary code via a crafted HTML page.
Google Dawn is the WebGPU component Chrome uses for graphics processing; the flaw affects Google Chrome prior to version 146.0.7680.178. The agency's KEV catalog lists known exploited vulnerabilities that pose significant risk to federal agencies and other organizations, emphasizing the need for prompt remediation. In this case, CISA has ordered federal agencies to fix the vulnerability by April 15, 2026.
**Google Chrome Updates Patch Critical Flaw**
This week, Google released updates fixing 21 vulnerabilities in Chrome, including CVE-2026-5281, which is being actively exploited in the wild. The company urges users to update their browsers immediately to reduce the risk of attacks. "Google is aware that an exploit for CVE-2026-5281 exists in the wild," reads the advisory.
A use-after-free (UAF) bug occurs when a program continues to use a piece of memory after it has already been freed, allowing attackers to crash applications or execute malicious code. Google fixed the Chrome zero-day and recommends updating to version 146.0.7680.177/178 for Windows and macOS users, or 146.0.7680.177 for Linux users.
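To confirm that a fleet is actually on a fixed build, the following added example (not from Google or CISA) checks a software inventory against the versions and due date quoted above. The inventory format, hostnames and sample version strings are constructed for illustration, and treating 146.0.7680.177 as the minimum fixed build on every platform is an assumption based on the "177/178" wording.

```python
import re
from datetime import date

# Fixed builds from the article. Windows/macOS are listed as "177/178";
# using the lower build as the minimum is an assumption of this example.
FIXED = {p: (146, 0, 7680, 177) for p in ("windows", "macos", "linux")}
KEV_DUE = date(2026, 4, 15)  # CISA remediation due date from the article
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

def parse_version(text):
    """Return the four-part version in text as an int tuple, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def audit(inventory):
    """Return (host, status) pairs; status is patched/vulnerable/unknown."""
    results = []
    for line in inventory.strip().splitlines():
        host, platform, raw = [f.strip() for f in line.split(",", 2)]
        version = parse_version(raw)
        fixed = FIXED.get(platform.lower())
        if version is None or fixed is None:
            status = "unknown"  # unparseable: investigate, never assume safe
        elif version >= fixed:  # tuple compare is numeric: .99 < .177
            status = "patched"
        else:
            status = "vulnerable"
        results.append((host, status))
    return results

def days_to_deadline(today):
    """Days left until the KEV due date (negative once overdue)."""
    return (KEV_DUE - today).days

# Constructed sample inventory: hostname, platform, reported version string.
SAMPLE = """
ws-001, Windows, Google Chrome 146.0.7680.178
ws-002, Windows, Google Chrome 146.0.7680.99
mac-01, macOS, Google Chrome 145.0.7632.160
lnx-01, Linux, Google Chrome 146.0.7680.177
lnx-02, Linux, chrome: not found
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE):
        print(f"{host}: {status}")
    print("days to KEV due date:", days_to_deadline(date(2026, 4, 3)))
```

Comparing versions as integer tuples matters here: a plain string comparison would rank build `.99` above `.177` and report that host as patched.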
**CISA's Known Exploited Vulnerabilities Catalog: A Guide for Organizations**
The CISA KEV catalog serves as a critical resource for organizations to identify and address known exploited vulnerabilities in their infrastructure. Under Binding Operational Directive (BOD) 22-01, federal agencies are required to address identified vulnerabilities by their due dates to protect their networks against attacks.
Private organizations are also advised to review the catalog and address the vulnerabilities in their infrastructure. This proactive approach can help prevent data breaches and reduce the risk of malware infections. CISA's efforts underscore the importance of staying up to date with security patches and updates, particularly for critical components like Google Dawn.
**Key Takeaways:**
* The U.S. CISA has added a critical flaw in Google Dawn to its Known Exploited Vulnerabilities catalog.
* CVE-2026-5281 is a use-after-free bug that could allow remote attackers to execute arbitrary code via a crafted HTML page.
* Google Chrome updates have patched the vulnerability, and users are urged to update their browsers immediately.
* CISA's KEV catalog serves as a valuable resource for organizations to identify and address known exploited vulnerabilities in their infrastructure.
By staying informed about the latest security threats and patches, organizations can better protect themselves against cyber attacks and maintain a robust cybersecurity posture. Stay vigilant, stay secure!