{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3909", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2026-03-11T00:54:06.406Z", "datePublished": "2026-03-12T21:30:51.265Z", "dateUpdated": "2026-03-24T21:17:08.100Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "146.0.7680.75", "status": "affected", "lessThan": "146.0.7680.75", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Out of bounds write", "cweId": "CWE-787"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-03-24T21:17:08.100Z"}, "references": [{"url": "https://issues.chromium.org/issues/491421267"}, {"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_13.html"}]}, "adp": [{"references": [{"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3909", "tags": ["government-resource"]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-13T00:00:00+00:00", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-3909"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2026-03-13", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3909"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-14T03:55:25.917Z"}, "timeline": [{"time": "2026-03-13T00:00:00.000Z", "lang": "en", "value": "CVE-2026-3909 added to CISA KEV"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-3909", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-13T16:47:27.715430Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2026-03-13", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3909"}}}], "references": [{"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3909", "tags": ["government-resource"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T22:09:31.840Z"}, "timeline": [{"lang": "en", "time": "2026-03-13T00:00:00.000Z", "value": "CVE-2026-3909 added to CISA KEV"}]}], "cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"status": "affected", "version": "146.0.7680.75", "lessThan": "146.0.7680.75", "versionType": "custom"}]}], "references": [{"url": "https://issues.chromium.org/issues/491421267"}, {"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_13.html"}], "descriptions": [{"lang": "en", "value": "Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-787", "description": "Out of bounds write"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-03-24T21:17:08.100Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3909", "state": "PUBLISHED", "dateUpdated": "2026-03-24T21:17:08.100Z", "dateReserved": "2026-03-11T00:54:06.406Z", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "datePublished": "2026-03-12T21:30:51.265Z", "assignerShortName": "Chrome"}, "dataVersion": "5.2"}

{"cisaActionDue": "2026-03-27", "cisaExploitAdd": "2026-03-13", "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "Google Skia Out-of-Bounds Write Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "3203F586-1DC8-4200-B4CC-ABD37E51775C", "versionEndExcluding": "146.0.7680.80", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)"}, {"lang": "es", "value": "Escritura fuera de l\u00edmites en Skia en Google Chrome anterior a 146.0.7680.75 permiti\u00f3 a un atacante remoto realizar acceso a memoria fuera de l\u00edmites a trav\u00e9s de una p\u00e1gina HTML manipulada. (Gravedad de seguridad de Chromium: Alta)"}], "id": "CVE-2026-3909", "lastModified": "2026-03-25T14:05:38.743", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-13T19:55:11.170", "references": [{"source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_13.html"}, {"source": "chrome-cve-admin@google.com", "tags": ["Permissions Required"], "url": "https://issues.chromium.org/issues/491421267"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["US Government Resource"], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3909"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "chrome-cve-admin@google.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "chromium-browser: Out of bounds write in Skia", "id": "2447195", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447195"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["An out of bounds write flaw was found in the Skia component of the Chromium browser.\nUpstream bug(s):\nhttps://code.google.com/p/chromium/issues/detail?id=491421267"], "name": "CVE-2026-3909", "public_date": "2026-03-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-3909\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-3909\nhttps://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html\nhttps://issues.chromium.org/issues/491421267"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[146.0.7680.75,146.0.7680.75)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Chrome", "source": "cna", "vendor": "Google"}, "product": "chrome", "vendor": "google"}], "analysis": {"en": {"generated_at": "2026-03-18T15:50:19.379383+00:00", "value": {"mitigation_remediation": ["Update Google Chrome to version 146.0.7680.75 or later, which resolves the Skia out-of-bounds write.", "Verify the browser displays the updated version number after the update.", "If an immediate update is not possible, restrict browsing to trusted sites or block untrusted HTML content until the patch is applied.", "Where feasible, consider using enterprise policies to enforce the latest Chrome update or to disable potentially risky browser features."], "summary": {"action": "Immediate Patch", "impact": "Out-of-Bounds Write"}, "threat_synthesis": {"affected_systems": "All Google Chrome installations with a version older than 146.0.7680.75 are affected. This includes Chrome running on Windows, macOS and Linux platforms as indicated by the CPE entries. The vendor list confirms Google:Chrome is the impacted product.", "description_and_impact": "The CVE identifies an out-of-bounds write in the Skia graphics library used by Google Chrome. The vendor description states that a crafted HTML page can trigger out-of-bounds memory access, potentially corrupting memory. The direct impact described is memory corruption, and while arbitrary code execution is a logical consequence of such corruption, the official description does not explicitly confirm it. The weakness is identified as CWE-787.", "risk_and_exploitability": "The CVSS score of 8.8 suggests high severity, and an EPSS score of 33% indicates a moderate likelihood of exploitation. The vulnerability is listed in the CISA KEV catalog, confirming that it has been actively exploited. Based on the description, the attack vector is remote via a malicious HTML page, and no local or privileged conditions are required. The potential for arbitrary code execution is inferred from the nature of the memory corruption, but this is not explicitly documented in the CVE."}}}}, "created": "2026-03-13T09:49:37.187880+00:00", "updated": "2026-03-23T10:00:08.794872+00:00", "vendors": ["google", "google$PRODUCT$chrome"]}