PT-2026-25093 · Chromium+1 · Chromium+2

Published: 2026-01-01 · Updated: 2026-04-01

CVE-2026-3909

CVSS v2.0: 10 (High) · AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Google Chrome versions prior to 146.0.7680.75
Chromium versions prior to 146.0.7680.75

Description

A high-severity out-of-bounds write flaw exists in the Skia graphics engine within Google Chrome and Chromium-based browsers. This vulnerability allows a remote attacker to perform out-of-bounds memory access through a crafted HTML page. The vulnerability is actively exploited in the wild, with reports indicating approximately 3.5 billion users are potentially at risk. The issue involves a memory corruption vulnerability that could lead to remote code execution. Exploitation occurs simply by visiting a malicious webpage. The vulnerability is identified as CVE-2026-3909 and has been added to CISA's Known Exploited Vulnerabilities catalog.

Recommendations

Update Google Chrome to version 146.0.7680.75 or later.
Update Chromium-based browsers to version 146.0.7680.75 or later.
Restart the browser after applying the update.
Apply enterprise browser patch policies.
Monitor endpoints for suspicious browser behavior.

Fix

RCE

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2026-04245
CVE-2026-3909
OPENSUSE-SU-2026:10376-1
OPENSUSE-SU-2026:20372-1

Affected Products

Chromium
Google Chrome
Skia