HIGHVulnerability
Verified
Global

CISA KEV: Google Dawn — Google Dawn Use-After-Free Vulnerability

·Source: CISA KEV

Updated:

Executive Summary

Google Dawn contains an use-after-free vulnerability that could allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. This vulnerability could affect multiple Chromium-based products including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Analysis

Google Dawn contains an use-after-free vulnerability that could allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. This vulnerability could affect multiple Chromium-based products including, but not limited to, Google Chrome, Microsoft Edge, and Opera. Added to CISA Known Exploited Vulnerabilities catalog on 2026-04-01. Remediation due: 2026-04-15.

Indicators of Compromise (1)

CVE (1)
CVE-2026-5281
NVDMITRE CVE
Source Attribution

Originally published by CISA KEV on Apr 1, 2026. Verified by: CISA.

Related Threats

CRITICALVulnerability

NVD CRITICAL: CVE-2026-7637 — The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions...

The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the STYXKEY-BOOST_USER_LOCATION cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or them

CVE-2026-7637
NIST NVD
MEDIUMVulnerability

GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories

GitHub on Tuesday said it's investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform's source code and internal organizations for sale on a cybercrime forum. "While we currently have no evidence of impact to customer information stored outside of GitHub's internal repositories (such as our customers' enterprises,

The Hacker News
CRITICALVulnerability

NVD CRITICAL: CVE-2026-7284 — The Easy Elements for Elementor – Addons & Website Templates plugin for WordPres...

The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to privilege escalation via user registration in all versions up to, and including, 1.4.4. This is due to the 'easyel_handle_register' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registr

CVE-2026-7284
NIST NVD