好的,我现在需要帮用户总结这篇文章的内容,控制在100字以内。首先,我得通读整篇文章,抓住关键信息。 文章主要讲的是美国CISA将Google Dawn中的一个漏洞加入已知被利用的漏洞目录。这个漏洞的编号是CVE-2026-5281,CVSS评分8.8。它是一个Use-after-free类型的安全漏洞,存在于Google Chrome的早期版本中,影响到WebGPU组件。攻击者可以利用这个漏洞通过精心制作的HTML页面执行任意代码。 此外,这个漏洞影响了多个基于Chromium的产品,包括Chrome、Edge和Opera。Google已经发布了更新修复了这个问题,并敦促用户立即升级浏览器以降低风险。CISA要求联邦机构在2026年4月15日前修复此漏洞。 接下来,我需要把这些信息浓缩到100字以内,确保涵盖主要点:CISA添加漏洞到目录、漏洞编号、类型、影响范围、攻击方式、修复情况以及截止日期。 可能的结构是:开头说明CISA添加了什么到目录,然后描述漏洞的基本信息和影响,最后提到修复和截止日期。 现在开始组织语言: “美国网络安全与基础设施安全局(CISA)将Google Dawn组件中的一个Use-after-free漏洞(CVE-2026-5281)加入已知被利用的漏洞目录。该漏洞影响Google Chrome及基于Chromium的产品,可被远程攻击者利用执行任意代码。Google已发布更新修复此零日漏洞,并敦促用户立即升级以减少风险。CISA要求联邦机构于2026年4月15日前完成修复。” 检查一下字数是否在100字以内,并确保所有关键点都被涵盖。 </think> 美国网络安全与基础设施安全局(CISA)将Google Dawn组件中的一个Use-after-free漏洞(CVE-2026-5281)加入已知被利用的漏洞目录。该漏洞影响Google Chrome及基于Chromium的产品,可被远程攻击者利用执行任意代码。Google已发布更新修复此零日漏洞,并敦促用户立即升级以减少风险。CISA要求联邦机构于2026年4月15日前完成修复。 2026-4-1 23:30:12 Author: securityaffairs.com(查看原文) 阅读量:14 收藏
U.S. CISA adds a flaw in Google Dawn to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Google Dawn to its Known Exploited Vulnerabilities catalog.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Google Dawn, tracked as CVE-2026-5281 (CVSS score of 8.8), to its Known Exploited Vulnerabilities (KEV) catalog.
The flaw is a use after free in the Dawn component in Google Chrome prior to 146.0.7680.178. Google Dawn is the WebGPU component used for graphics processing. A remote attacker who had compromised the renderer process could exploit the flaw to execute arbitrary code via a crafted HTML page.
According to CISA, this vulnerability could affect multiple Chromium-based products including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
This week, Google released Chrome updates fixing 21 vulnerabilities, including a new actively exploited zero-day tracked as CVE-2026-5281.
Due to ongoing exploitation, the company urges users to update their browsers immediately to reduce the risk of attacks.
“Google is aware that an exploit for CVE-2026-5281 exists in the wild.” reads the advisory.
A use-after-free (UAF) bug is a type of memory error where a program continues to use a piece of memory after it has already been freed (released).
Attackers can exploit use-after-free bugs to crash applications, execute malicious code, or take control of a system. Google fixed the Chrome zero-day and urges users to update to version 146.0.7680.177/178 (Windows/macOS) or 146.0.7680.177 (Linux).
As usual, Google did not reveal technical details of the attacks exploiting this flaw or the type of attackers involved, to give users time to update and prevent others from exploiting it.
CVE-2026-5281 is the fourth Chrome zero-day exploited in attacks in 2026.
According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.
CISA orders federal agencies to fix the vulnerability by April 15, 2026.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, US CISA Known Exploited Vulnerabilities catalog)
如有侵权请联系:admin#unsafe.sh