{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3931", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2026-03-11T05:54:13.050Z", "datePublished": "2026-03-11T22:04:12.053Z", "dateUpdated": "2026-03-13T03:55:39.852Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "146.0.7680.71", "status": "affected", "lessThan": "146.0.7680.71", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Heap buffer overflow in Skia in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Heap buffer overflow", "cweId": "CWE-122"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-03-11T22:04:12.053Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html"}, {"url": "https://issues.chromium.org/issues/417599694"}]}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-12T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-3931"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T03:55:39.852Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-3931", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-12T15:12:19.343088Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T15:12:29.976Z"}}], "cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"status": "affected", "version": "146.0.7680.71", "lessThan": "146.0.7680.71", "versionType": "custom"}]}], "references": [{"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html"}, {"url": "https://issues.chromium.org/issues/417599694"}], "descriptions": [{"lang": "en", "value": "Heap buffer overflow in Skia in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-122", "description": "Heap buffer overflow"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2026-03-11T22:04:12.053Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3931", "state": "PUBLISHED", "dateUpdated": "2026-03-12T15:12:33.118Z", "dateReserved": "2026-03-11T05:54:13.050Z", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "datePublished": "2026-03-11T22:04:12.053Z", "assignerShortName": "Chrome"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "C9898EF8-B616-4762-BD38-FFD790EE7517", "versionEndExcluding": "146.0.7680.71", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Heap buffer overflow in Skia in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)"}, {"lang": "es", "value": "Desbordamiento de b\u00fafer de mont\u00f3n en Skia en Google Chrome anterior a 146.0.7680.71 permiti\u00f3 a un atacante remoto realizar acceso a memoria fuera de l\u00edmites mediante una p\u00e1gina HTML manipulada. (Gravedad de seguridad de Chromium: Media)"}], "id": "CVE-2026-3931", "lastModified": "2026-03-13T15:41:38.623", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-11T22:16:35.803", "references": [{"source": "chrome-cve-admin@google.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html"}, {"source": "chrome-cve-admin@google.com", "tags": ["Permissions Required"], "url": "https://issues.chromium.org/issues/417599694"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "chrome-cve-admin@google.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "chromium-browser: Heap buffer overflow in Skia", "id": "2446868", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446868"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "status": "draft"}, "details": ["A heap buffer overflow flaw was found in the Skia component of the Chromium browser.\nUpstream bug(s):\nhttps://code.google.com/p/chromium/issues/detail?id=417599694"], "name": "CVE-2026-3931", "public_date": "2026-03-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-3931\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-3931\nhttps://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html\nhttps://issues.chromium.org/issues/417599694"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[146.0.7680.71,146.0.7680.71)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Chrome", "source": "cna", "vendor": "Google"}, "product": "chrome", "vendor": "google"}], "analysis": {"en": {"generated_at": "2026-04-17T11:35:19.792179+00:00", "value": {"mitigation_remediation": ["Update Google Chrome to version 146.0.7680.71 or newer on all devices.", "If an update cannot be applied immediately, filter out malicious or untrusted HTML content using a web security gateway that enforces strict content security policies and blocks inline scripts.", "Maintain up\u2011to\u2011date OS and browser sandbox configurations to contain any accidental code execution, and apply regular patch management for all Chrome installations."], "summary": {"action": "Immediate Patch", "impact": "Memory corruption"}, "threat_synthesis": {"affected_systems": "The flaw affects Google Chrome version 146.0.7680.70 and older across all desktop operating systems supported by Chrome, including Windows, macOS, and Linux. The vulnerability is tied to the Skia graphics subsystem, which is common to all Chrome releases prior to 146.0.7680.71.", "description_and_impact": "The vulnerability manifests as a heap buffer overflow in the Skia graphics library of Google Chrome, permitting a remote attacker to supply a specially crafted HTML page that triggers an out\u2011of\u2011bounds write and corrupts memory. According to the official CWE IDs, the flaw is a classic heap overflow (CWE\u2011122) combined with an out\u2011of\u2011bounds write (CWE\u2011787). The result is arbitrary memory corruption that may lead to remote code execution on the victim\u2019s machine.", "risk_and_exploitability": "The CVSS score of 8.8 classifies this vulnerability as high severity, and the EPSS score of less than 1% suggests that exploitation is unlikely at the moment, although the flaw has not been reported in the CISA Known Exploited Vulnerabilities catalog. The attack vector is remote, relying on a crafted HTML page delivered over the network to a victim\u2019s browser. Because the bug resides in a heap buffer, an attacker could potentially overwrite arbitrary data, elevate privileges within the browser process, or execute injected code, assuming the user allows HTML content from untrusted sources. While there are no publicly disclosed exploits as of this analysis, the high CVSS and potential for remote code execution warrant immediate patching."}}}}, "created": "2026-03-12T09:55:19.998402+00:00", "updated": "2026-04-17T11:45:06.223045+00:00", "vendors": ["google", "google$PRODUCT$chrome"]}