Google Releases Urgent Chrome Security Update to Patch Critical Zero-Day Vulnerability

Google has issued an emergency security update for the Chrome browser to address a critical zero-day vulnerability that is currently being exploited by attackers. The update, released on Tuesday, March 31, fixes a total of 21 security flaws across Windows, macOS, and Linux platforms.

The primary vulnerability, tracked as CVE-2026-5281, is a high-severity memory management error located within the Dawn component of the browser. Google has confirmed that active exploits for this flaw exist in the wild.

To protect the user base, the company is withholding specific technical details and report links until many users have applied the patch. This strategy aims to prevent further cybercriminals from developing additional exploits before systems are secured.

Beyond the zero-day fix, the development team resolved 19 high-risk and two medium-risk vulnerabilities. These issues were identified by both internal staff and external security researchers. The update addresses vulnerabilities in several vital browser components, including:

• The PDF document reader

• The Graphics Processing Unit (GPU) interface

• The V8 JavaScript engine

• USB and MIDI connection interfaces

Many of these flaws were detected using advanced code sanitization tools, such as AddressSanitizer and MemorySanitizer, which help identify memory-related bugs during the development process.

Version Information and Distribution

The security patch is being rolled out gradually. Users are protected if their browser version ends in .177 or .178 on Windows and Mac or .177 on Linux.

While the update will eventually install automatically, security experts highly recommend that users manually trigger the update process. This can be done by navigating to the Chrome settings menu, selecting “About Chrome,” and allowing the browser to check for and install the latest version immediately.