Home / Vulnerability Intelligence / CVE-2026-3920

CVE-2026-3920 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: March 13, 2026

Google Chrome - Out of Bounds Read/Write

Published: March 11, 2026Updated: March 13, 2026Remote Exploitable

Overview

Google Chrome < 146.0.7680.71 contains an out of bounds read/write caused by improper memory access in WebML, letting remote attackers potentially exploit heap corruption via crafted HTML pages.

Severity & Score

Severity: High

CVSS Score: 8.8

EPSS Score: 6.2%(Probability of exploitation in next 30 days)

Impact

Remote attackers can exploit heap corruption, potentially leading to code execution or browser compromise.

Mitigation

Update to version 146.0.7680.71 or later.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 12, 2026

🟠 CVE-2026-3920 - High (8.8) Out of bounds memory access in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3920/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-3920
Severity: High
CVSS Score: 8.8
Type: out_of_bounds_rw
Status: confirmed
EPSS: 6.2%
Social Posts: 1

CWE

CWE-125

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

6.2%Probability of exploitation in the next 30 days