CVE-2026-3909 - Vulnerability Analysis
High | CVSS: 8.8 | Last Updated: March 13, 2026
Google Chrome - Out of Bounds Write
Overview
Google Chrome versions before 146.0.7680.75 contain an out-of-bounds write caused by improper memory handling in Skia, which lets a remote attacker perform out-of-bounds memory access via a crafted HTML page.
Impact
Remote attackers can perform out of bounds memory access, potentially leading to memory corruption or code execution.
Mitigation
Update to version 146.0.7680.75 or later.
References
- https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_13.html
- https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html
- https://issues.chromium.org/issues/491421267
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3909
Social Media Activity (1 post)
Global cybersecurity alerts include active exploitation of Chrome Zero-Days (CVE-2026-3909/3910) and a Quest KACE SMA flaw for credential harvesting. Advanced threats like Android haptic keyloggers and deepfake identity fraud are emerging. Geopolitically, Persian Gulf tensions remain high, while the US announced a new cyber strategy to defend companies from foreign adversaries. In tech, NVIDIA Nemotron 3 Super is now on Amazon Bedrock. #Cybersecurity #GeopoliticalNews #TechBrief
Details
- CVE ID: CVE-2026-3909
- Severity: High
- CVSS Score: 8.8
- Type: out_of_bounds_rw
- Status: confirmed
- EPSS: 444.3%
- Social Posts: 1
CWE
- CWE-787
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H