CVE-2026-3909

HIGH

Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

CVSS v3.1 Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Complexity

LOW

Privileges

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Published: 3/13/2026Modified: 3/25/2026

Related Intelligence (1)

CRITICALZero Day

Google patches fourth Chrome zero-day so far this year

Google has patched another zero-day vulnerability in Chrome, its fourth this year. In patching the vulnerability, tracked as CVE-2026-5281 , the company acknowledged that an exploit for it already exists in the wild. According to the report in NIST’s National Vulnerability Database, the vulnerability in Dawn, the implementation of WebGPU used by Chrome, allowed a remote attacker who had compromise

CVE-2026-5281CVE-2026-2441

8h agoCSO Online

References (3)

https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_13.htmlRelease NotesVendor Advisory https://issues.chromium.org/issues/491421267Permissions Required https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3909US Government Resource