AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

🔥 This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)

CVE-2026-5281: Google Dawn Use-After-Free Vulnerability

infovulnerability🔥 Actively Exploited

security

Source: CISA Known Exploited VulnerabilitiesMarch 31, 2026CVE-2026-5281

Summary

Google Dawn has a use-after-free vulnerability (a bug where software tries to use memory that has already been freed), which could let a remote attacker run arbitrary code on affected systems through a malicious HTML page. This affects multiple Chromium-based browsers including Chrome, Edge, and Opera, and is currently being exploited by attackers.

Solution / Mitigation

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. For more information, see the Chrome releases blog and the NVD vulnerability database (links provided in source).

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 0.0%

Patch Available

Yes

Exploit Maturity

🔥 Actively Exploited

Disclosure Date

March 31, 2026

Classification

Attack SophisticationModerate

Taxonomy References

CWE (Weakness Type)

CWE-416

CAPEC (Attack Pattern)

CAPEC-233

Monthly digest — independent AI security research

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-5281

First tracked: April 1, 2026 at 08:00 PM

Classified by LLM (prompt v3) · confidence: 95%