CVE-2026-3909 - PatchNow

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: USER_INTERACTION

CVE Published: 2026-03-12

Added to CISA KEV: 2026-03-13 1 DAY BETWEEN CVE AND KEV

⚠️ CRITICAL: Check for indicators of compromise - this vulnerability is in CISA KEV indicating active exploitation in the wild. Review logs, check for unauthorized access, verify system integrity before patching
Update Chrome immediately to version 146.0.7680.75 or later
Enable automatic updates for Chrome across the organization
Educate users about avoiding suspicious websites and clicking unknown links
Consider deploying browser isolation technologies for high-risk users
Monitor for unusual browser crashes or system behavior on endpoints

CVE-2026-3909 - Vulnerability Details - OpenCVE
Attack Vector Network. Attack Complexity Low. Privileges Required None. Scope Unchanged."lessThan": "146.0.7680.75", "versionType": "custom"}]}], "references": [{"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html"}, {"url": "https://issues.chromium.org/issues/491421267"}], "descriptions": [{"lang": "en", "value": "Out of bounds write in Skia in Google Chrome prior to. 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
Known Exploited Vulnerabilities Catalog
CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their ...
Google fixed two new actively exploited flaws in the Chrome browser
Google addressed two high-severity vulnerabilities in the Chrome browser that have been exploited in attacks in the wild. Google has released security updates to address two high-severity vulnerabilities, tracked as CVE-2026-3909 and CVE-2026-3910, in the Chrome browser. The company is aware of attacks in the wild exploiting both flaws.

🟢 CVE-2026-3909