CVE-2026-5281 (CVSS 8.8) is a use-after-free in Google Dawn, the WebGPU implementation shared across all Chromium-based browsers including Chrome, Microsoft Edge, and Opera; CISA KEV confirms active exploitation with a remediation deadline of 2026-04-15. The shared upstream dependency means the blast radius extends to every Chromium-derived browser in the fleet pending each vendor’s downstream patch cycle. Apply browser updates immediately once confirmed fixed versions are published by Google and Microsoft, query EDR for browser renderer processes spawning shell interpreters, and monitor Microsoft MSRC and Google Chrome release notes for confirmed fixed build numbers.