嗯,用户让我帮忙总结一篇文章的内容,控制在一百个字以内,而且不需要用“文章内容总结”之类的开头。首先,我得仔细阅读这篇文章,了解主要信息。 文章讲的是Google修复了Chrome浏览器的一个零日漏洞,这是今年修复的第四个了。漏洞编号是CVE-2026-5281,属于Dawn组件中的use-after-free问题。攻击者可以利用这个漏洞导致浏览器崩溃、数据损坏等问题。Google已经发布了紧急更新,并且提到修复可能需要几天或几周时间。 接下来,我需要提取关键点:零日漏洞、修复、今年的第四个、漏洞来源、影响、更新情况。然后把这些信息浓缩成一句话,不超过一百个字。 可能的结构是:Google修复了Chrome的一个零日漏洞(CVE-2026-5281),这是今年的第四个,源于Dawn组件的问题,可能导致浏览器崩溃等。紧急更新已发布,但可能需要几天或几周才能完全覆盖所有用户。 这样既涵盖了主要信息,又符合字数限制和格式要求。 </think> Google修复了Chrome浏览器的一个零日漏洞(CVE-2026-5281),这是今年修复的第四个此类漏洞。该漏洞源于Dawn组件中的use-after-free问题,可能导致浏览器崩溃、数据损坏等。紧急更新已发布,但可能需要几天或几周时间才能完全覆盖所有用户。 2026-4-1 10:30:19 Author: www.bleepingcomputer.com(查看原文) 阅读量:4 收藏
Google released emergency updates to fix another Chrome zero-day vulnerability exploited in attacks, marking the fourth such security flaw patched since the start of the year.
"Google is aware that an exploit for CVE-2026-5281 exists in the wild," Google said in a security advisory issued on Tuesday.
As detailed in the Chromium commit history, this vulnerability stems from a use-after-free weakness in Dawn, the underlying cross-platform implementation of the WebGPU standard used by the Chromium project.
Attackers can exploit this Dawn security flaw to trigger web browser crashes, data corruption, rendering issues, or other abnormal behavior.
While Google has found evidence that threat actors were exploiting this zero-day flaw in the wild, it did not share details about these incidents.
"Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed," the company noted.
Google has now fixed the zero-day for users in the Stable Desktop channel, with new versions rolling out to Windows, macOS (146.0.7680.177/178), and Linux users (146.0.7680.177). While Google says that this out-of-band update could take days or weeks to reach all users, it was immediately available when BleepingComputer checked for updates today.
If you don't want to update the browser manually, you can also have it check for updates at the next launch and install them automatically.
This is the fourth actively exploited Chrome zero-day patched since the start of the year. The first (CVE-2026-2441) was an iterator invalidation bug in CSSFontFeatureValuesMap (Chrome's implementation of CSS font feature values), which Google addressed in mid-February.
Google patched two other Chrome zero-day bugs exploited in attacks earlier this month: the first is an out-of-bounds write weakness in the Skia 2D graphics library (CVE-2026-3909), and the second is an inappropriate implementation vulnerability in the V8 JavaScript and WebAssembly engine (CVE-2026-3910).
In 2025, Google fixed a total of eight zero-days exploited in the wild, many of which were discovered and reported by Google's Threat Analysis Group (TAG), which is known for tracking and identifying zero-day exploits used in spyware attacks.
Automated Pentesting Covers Only 1 of 6 Surfaces.
Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the other.
This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic questions for any tool evaluation.
如有侵权请联系:admin#unsafe.sh