Vulnerabilities ›

CVE-2026-5281

Critical 🇺🇸 CISA KEV

                    Published: Apr 1, 2026                                          ·  Source: CISA_KEV                

CVSS v3

9.8

🔗 NVD Official

📄 Description (English)

Google Dawn — CVE-2026-5281
Google Dawn contains an use-after-free vulnerability that could allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. This vulnerability could affect multiple Chromium-based products including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

🤖 AI Executive Summary

CVE-2026-5281 is a critical use-after-free vulnerability in Google Dawn that allows remote code execution through crafted HTML pages after renderer process compromise, affecting multiple Chromium-based browsers. The vulnerability has a CVSS score of 9.8 and impacts Google Chrome, Microsoft Edge, Opera, and other Chromium derivatives.

📄 Description (Arabic)

تحتوي Google Dawn على ثغرة استخدام بعد التحرير (use-after-free) التي قد تسمح لمهاجم بعيد قام باختراق عملية العرض بتنفيذ كود عشوائي عبر صفحة HTML معدة خصيصاً. قد تؤثر هذه الثغرة على منتجات متعددة قائمة على Chromium بما في ذلك، على سبيل المثال لا الحصر، Google Chrome و Microsoft Edge و Opera. الإجراء المطلوب: تطبيق التخفيفات وفقاً لتعليمات البائع، واتباع التوجيهات المعمول بها في BOD 22-01 لخدمات السحابة، أو التوقف عن استخدام المنتج إذا لم تكن التخفيفات متاحة.

🤖 ملخص تنفيذي (AI)

🤖 AI Intelligence Analysis Analyzed: Apr 4, 2026 17:09

🇸🇦 Saudi Arabia Impact Assessment

Relevance: high

🏢 Affected Saudi Sectors

Banking and Financial Services Government and Public Administration Healthcare Energy and Utilities Telecommunications Education Retail and E-commerce Manufacturing Transportation and Logistics

⚖️ Saudi Risk Score (AI)

9.2

/ 10.0

🔧 Remediation Steps (English)

Immediately apply vendor security patches for all Chromium-based browsers and implement browser update policies to ensure automatic deployment of fixes across all organizational endpoints.

🔧 خطوات المعالجة (العربية)

طبّق فوراً تحديثات الأمان من المورّدين لجميع متصفحات Chromium وتأكد من تفعيل سياسات التحديث التلقائي عبر جميع أجهزة المؤسسة.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.1 - Policies and procedures for information security 5.2 - Information security roles and responsibilities 6.1 - Cryptography and encryption controls 6.2 - Software and firmware security 7.1 - Access control and authentication 8.1 - Incident management and response 8.2 - Business continuity and disaster recovery

🔵 SAMA CSF

Governance - Risk Management Framework Governance - Third-party Risk Management Protective - Access Control Protective - Data Protection Protective - System Security Detective - Monitoring and Logging Responsive - Incident Response

🟡 ISO 27001:2022

A.5.1 - Policies for information security A.6.1 - Information security roles and responsibilities A.8.1 - Asset management A.8.2 - Classification of information A.8.3 - Media handling A.12.2 - Restrictions on software installation A.12.6 - Management of technical vulnerabilities A.14.2 - Secure development policy

🟣 PCI DSS v4.0

Requirement 2.2 - Configuration standards for system components Requirement 6.2 - Security patches and updates Requirement 11.2 - Vulnerability scanning Requirement 12.2 - Configuration standards documentation

🔗 References & Sources 0

No references.

📊 CVSS Score

9.8

/ 10.0 — Critical

📋 Quick Facts

Severity Critical

CVSS Score9.8

EPSS3.28%

Exploit No

Patch ✗ No

CISA KEV🇺🇸 Yes

Published 2026-04-01

Source Feed cisa_kev

🇸🇦 Saudi Risk Score

9.2

/ 10.0 — Saudi Risk

Priority: CRITICAL

🏷️ Tags

kev cisa exploit-known

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-5281

Introduce Yourself

Sign In Required