Home / Vulnerability Intelligence / CVE-2026-3919

CVE-2026-3919 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: March 13, 2026

Google Chrome - Use After Free

Published: March 11, 2026Updated: March 13, 2026Remote Exploitable

Overview

Google Chrome < 146.0.7680.71 contains a use after free vulnerability in Extensions, caused by heap corruption via crafted HTML page, letting attackers exploit memory corruption after convincing users to install malicious extensions.

Severity & Score

Severity: High

CVSS Score: 8.8

EPSS Score: 1.7%(Probability of exploitation in next 30 days)

Impact

Attackers can exploit heap corruption to execute arbitrary code or crash the browser, potentially compromising user security.

Mitigation

Update to version 146.0.7680.71 or later.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 12, 2026

🟠 CVE-2026-3919 - High (8.8) Use after free in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3919/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-3919
Severity: High
CVSS Score: 8.8
Type: use_after_free
Status: confirmed
EPSS: 1.7%
Social Posts: 1

CWE

CWE-416

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

1.7%Probability of exploitation in the next 30 days