Exposures › CVE-2026-5281
Google Dawn (Chrome/Edge/Opera) use-after-free vulnerability enables remote code execution via crafted HTML.
A remote use-after-free flaw in Google Dawn allows attackers to execute arbitrary code through a malicious webpage, impacting all Chromium-based browsers. DIB orgs must patch immediately to prevent ransomware or espionage via compromised browser processes.
Shame score — A critical RCE vulnerability in a widely deployed browser product that is actively exploited, though not zero-day.
Google Dawn contains an use-after-free vulnerability that could allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. This vulnerability could affect multiple Chromium-based products including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
| Product | Provider | Status | Match |
|---|---|---|---|
| Google Services (Google Cloud Platform Products and underlying Infrastructure) | Authorized | vendor-exact · 0.90 | |
| Google Workspace | Authorized | vendor-exact · 0.90 |