216.73.217.22

CVE-2026-5281

· Published 01/04/2026 02:00 · Modified 09/04/2026 20:05 · Author: The MITRE Corporation

Labels: CVE-2026-5281 2026-04-01CVE-2026-5281CWE-416[email protected]

Essential information

Published
01/04/2026 02:00
Modified
09/04/2026 20:05
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
8.8 HIGH (v3.1)
CISA KEV
Yes
CWE
CWE-416
EPSS (First)
P11.3% ?EPSS percentile: rank of this vulnerability versus all others. Higher percentile = more likely to be exploited. Learn more (score 0.00038)
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS metrics

Description

Google Dawn contains an use-after-free vulnerability that could allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. This vulnerability could affect multiple Chromium-based products including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
google / chrome cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
apple / macos cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
linux / linux kernel cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
microsoft / windows cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References

Related entities

Attack reports, intrusion sets, malwares, attack patterns and indicators linked to this vulnerability.

Attack reports (1)