CVE-2026-3909:

Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Score
A numerical rating that indicates how dangerous this vulnerability is.

8.8High

Published Date:Mar 13, 2026
CISA KEV Date:Mar 13, 2026
Industries Affected:20

Threat Predictions

EPSS Score:27.1
EPSS Percentile:96%

Exploitability

Score:2.8
Attack Vector:NETWORK
Attack Complexity:LOW
Privileges Required:NONE
User Interaction:REQUIRED
Scope:UNCHANGED

Impact

Score:5.9
Confidentiality Impact:HIGH
Integrity Impact:HIGH
Availability Impact:HIGH

Description Preview

Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Industries Affected

Below is a list of industries most commonly impacted or potentially at risk based on intelligence.

Medium

Manufacturing

Educational Services

Finance and Insurance

Public Administration

Transportation and Warehousing

Health Care and Social Assistance

Professional, Scientific, and Technical Services

Low

Mining

Utilities

Information

Construction

Retail Trade

Wholesale Trade

Real Estate Rental and Leasing

Accommodation and Food Services

Arts, Entertainment, and Recreation

Management of Companies and Enterprises

Agriculture, Forestry, Fishing and Hunting

Other Services (except Public Administration)

Administrative and Support and Waste Management and Remediation Services

Focus on What Matters

See everything.Identify true risk.Proactively mitigate threats.Book a Demo

Let's talk!