Unrated severityCISA KEVNVD Advisory· Published Mar 12, 2026· Updated Mar 24, 2026
CVE-2026-3909
CVE-2026-3909
Description
Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Affected products
4- osv-coords2 versionspkg:rpm/opensuse/chromium&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweed
< 146.0.7680.80-bp160.1.1+ 1 more
- (no CPE)range: < 146.0.7680.80-bp160.1.1
- (no CPE)range: < 146.0.7680.80-1.1
Patches
Vulnerability mechanics
References
2News mentions
8- ⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and MoreThe Hacker News · Jun 15, 2026
- Google Chrome 0-Day Vulnerability Exploited in the Wild — Update NowCyber Security News · Jun 9, 2026
- Chrome's zero-day Whac-A-Mole continues with fifth exploited bug of the yearThe Register Security · Jun 9, 2026
- Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch NowThe Hacker News · Jun 9, 2026
- Google patches Chrome zero-day exploited in the wild (CVE-2026-11645)Help Net Security · Jun 9, 2026
- Google patches new Chrome zero-day flaw exploited in the wildBleepingComputer · Jun 9, 2026
- Google Patches 5th Chrome Zero-Day Exploited in 2026SecurityWeek · Jun 9, 2026
- 16th March – Threat Intelligence ReportCheck Point Research · Mar 16, 2026