CVE Tools

Home/Vulnerability/CVE-2026-3909

CVE-2026-3909

Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Published: Mar 12, 2026Updated: Mar 25, 2026 Sources: CVE List NVD BDU

NVD MITRE

8.8CVSS

HIGH

Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

EPSS Score

0.5%

Top 35.8%

CISA KEV

Active Exploitation

Since Mar 13, 2026

Exploits

No Known Exploits

Remediation

Patch Available

CVSS Vector Breakdown

Exploitability

AV:NAttack Vector

Network

AC:LAttack Complexity

Low

PR:NPrivileges Required

None

UI:RUser Interaction

Required

Scope

S:UScope

Unchanged

Impact

C:HConfidentiality

High

I:HIntegrity

High

A:HAvailability

High

Weaknesses

CWE-787

Affected Products

chrome

google

Debian GNU/Linux

Сообщество свободного программного обеспечения

OpenSUSE Leap

Novell Inc.

Google Chrome

Google Inc

Microsoft Edge

Microsoft Corp

and 1 more affected products View all →

Attack Graph

Products CVE Techniques Tactics

Click technique nodes to view MITRE ATT&CK details. Scroll to zoom, drag to pan.

Exploitability

CISA Known Exploited Vulnerability

Added to KEV:Mar 13, 2026

Remediation due:Mar 27, 2026

Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Official Patch Available