Google has released emergency security updates addressing CVE-2026-5281, a high-severity (CVSS score: N/A), actively exploited zero-day impacting its Chrome browser.

Overview

The flaw is a Use-After-Free (UAF) vulnerability in the Dawn WebGPU component, allowing remote code execution via crafted HTML pages when an attacker has already compromised the renderer process. Google has confirmed exploitation occurring in the wild and has deliberately withheld deeper technical details to prevent further weaponisation.

Vulnerability Details:

  • CVE ID: CVE-2026-5281
  • Type: Use-After-Free memory corruption (CWE-416)
  • Component: Dawn – WebGPU implementation
  • Impact:
    • Remote Code Execution (post-renderer compromise) via crafted HTML
    • Bypass of security boundaries

Severity: High

Description:

The vulnerability arises when Chrome’s Dawn WebGPU component improperly manages memory references after the memory has been freed. Attackers can leverage the resulting dangling pointers to execute malicious code or escalate their position.


Exploitation Activity:

Google has explicitly confirmed that exploitation is active in the wild.

Security researchers emphasize that this zero-day is being used in ongoing attacks, highlighting the urgency for immediate patching.

Affected Versions:

The vulnerability impacts Google Chrome versions prior to:

  • Windows/macOS: 146.0.7680.177 / 146.0.7680.178
  • Linux: 146.0.7680.177

Other Chromium-based browsers are also vulnerable until their respective updates are released, including:

  • Microsoft Edge
  • Vivaldi
  • Brave
  • Opera

 

Patch & Mitigation Guidance

Apply Chrome Security Updates Immediately

Google has issued updated Chrome builds for all major desktop platforms. Users should update by navigating to:

Chrome Menu → Help → About Google Chrome → Relaunch to Update

Users of other Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi, are also advised to apply the fixes as and when they become available.
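To confirm that the update has actually reached every desktop, the installed build can be compared against the fixed versions listed under Affected Versions. The following is an added example, not part of Google's advisory or the original bulletin; the inventory format (host,platform,version output), the hostnames and the sample readings are constructed, and it assumes 146.0.7680.177 as the minimum patched build on every platform.

```python
import re

# Fixed build from the bulletin's "Affected Versions" list.
# Assumption: the lower of the two builds listed for Windows/macOS (.177)
# is treated as the minimum patched version on every platform.
FIXED = {p: (146, 0, 7680, 177) for p in ("windows", "macos", "linux")}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part version from text such as
    'Google Chrome 146.0.7680.80'. Returns a tuple of ints or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def assess(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one reading."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # unparseable rows need follow-up, not a pass
    # Tuple comparison is numeric per component, so 7680.80 < 7680.177;
    # a plain string comparison would rank these the wrong way round.
    return "patched" if version >= fixed else "vulnerable"


def triage(inventory_lines):
    """Map 'host,platform,version output' rows to {host: status}."""
    results = {}
    for line in inventory_lines:
        fields = [f.strip() for f in line.split(",", 2)]
        if len(fields) != 3:
            continue  # skip blank or malformed rows
        host, platform, version_text = fields
        results[host] = assess(platform, version_text)
    return results


# Constructed sample inventory (hostnames and readings are made up).
SAMPLE = [
    "ws-001,windows,Google Chrome 146.0.7680.178",
    "ws-002,windows,Google Chrome 146.0.7680.80",
    "mac-01,macos,Google Chrome 145.0.7632.160",
    "lnx-07,linux,Google Chrome 146.0.7680.177",
    "lnx-09,linux,chrome: command not found",
]
```

Hosts reported as "unknown" should be checked by hand rather than counted as patched.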

 
