Google has released emergency security updates addressing CVE-2026-5281, a high-severity (CVSS score: N/A), actively exploited zero-day impacting its Chrome browser.
The flaw is a use-after-free (UAF) vulnerability in the Dawn WebGPU component, allowing remote code execution via crafted HTML pages when an attacker has already compromised the renderer process. Google has confirmed exploitation occurring in the wild and has deliberately withheld deeper technical details to prevent further weaponisation.
Severity: High
The vulnerability arises when Chrome’s Dawn WebGPU component improperly manages memory references after they are freed. Attackers can leverage the resulting dangling pointers to execute malicious code or escalate their position.
Google has explicitly confirmed that exploitation is active in the wild.
Security researchers emphasize that this zero‑day is being used in ongoing attacks, highlighting the urgency for immediate patching.
The vulnerability impacts Google Chrome versions prior to:
Other Chromium-based browsers are also vulnerable until their respective updates are released, including:
Apply Chrome Security Updates Immediately
Google has issued updated Chrome builds for all major desktop platforms. Users should update by navigating to:
Chrome Menu → Help → About Google Chrome → Relaunch to Update
Users of other Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi, are also advised to apply the fixes as and when they become available.