CVE-2026-3909

Summary

Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Affected Software

VendorProductVersion RangeStatus
GoogleChrome146.0.7680.75 < 146.0.7680.75affected

Weaknesses

  • CWE-787: Out of bounds write

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: total

Additional References

References