LeakyCreds
NewInstant webhook alerts now available ā€” notified within seconds of any credential detection.Learn more ā†’
Home / Vulnerability Intelligence / CVE-2026-3913

CVE-2026-3913 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: March 13, 2026

Google Chrome - Buffer Overflow

Published: March 11, 2026Updated: March 13, 2026Remote Exploitable

Overview

Google Chrome < 146.0.7680.71 contains a heap buffer overflow caused by improper handling in WebML, letting remote attackers exploit heap corruption via crafted HTML pages.

Severity & Score

Severity: High
CVSS Score: 8.8
EPSS Score: 5.7%(Probability of exploitation in next 30 days)

Impact

Remote attackers can exploit heap corruption to execute arbitrary code or crash the browser.

Mitigation

Update to version 146.0.7680.71 or later.

References

Social Media Activity(3 posts)

TheHackerWire
TheHackerWire
@thehackerwire
Mar 13, 2026

šŸŸ  CVE-2026-3913 - High (8.8) Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-3913/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Mar 13, 2026

šŸŸ  CVE-2026-3913 - High (8.8) Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-3913/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
BeyondMachines :verified:
BeyondMachines :verified:
@beyondmachines1
Mar 13, 2026

Google Patches Critical WebML Vulnerability and 28 Other Flaws in Chrome 146 Google released Chrome 146 to patch 29 vulnerabilities, including a critical heap memory flaw in the WebML component (CVE-2026-3913) that allows remote code execution via malicious web pages. **If you are using Google Chrome or other Chromium-based browsers (Edge, Brave, Vivaldi, Opera...) patch your browser ASAP. Google wouldn't push a new update so soon unless it's serious. Even if you want to debate the severity scoring, it's better to just update. Because while you debate, hackers will find a way to exploit them.** #cybersecurity #infosec #advisory #vulnerability https://beyondmachines.net/event_details/google-patches-critical-webml-vulnerability-and-28-other-flaws-in-chrome-146-u-5-m-9-g/gD2P6Ple2L

View original post

Related Resources

Details

CVE ID
CVE-2026-3913
Severity
High
CVSS Score
8.8
Type
buffer_overflow
Status
confirmed
EPSS
5.7%
Social Posts
3

CWE

  • CWE-122
  • CWE-787

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

5.7%Probability of exploitation in the next 30 days