Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Google Skia: Malicious Webpage Can Crash or Steal Data
CVE-2026-3909
CVE-2026-3909
Summary
A bug in Google's Skia graphics library lets hackers crash or steal data from Google Chrome, ChromeOS, Android, and possibly other products by creating a special webpage. This means that if a user visits a malicious website, their device could be compromised. Users should update their software to the latest version to stay protected.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| skia | All versions | – | |
| chrome | <= 146.0.7680.75 | – |
Original title
Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Original description
Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Vulnerability type
CWE-787
Out-of-bounds Write
Published: 13 Mar 2026 · Updated: 13 Mar 2026 · First seen: 13 Mar 2026