[CDP-development] TLP:GREEN (Vulnerability Alert Notification) CVE-2026-3909 — Google Chrome / Skia Graphics Library · Out-of-Bounds Write in Skia Graphics Engine

ESO_SOC * DAS ESO.SOC at das.oregon.gov
Mon Mar 16 08:22:48 PDT 2026


Good morning,
The SOC Services team is reporting on CVE-2026-3909, a vulnerability affecting Google Chrome and Chromium-based browsers that use the Skia graphics library. Because the vulnerability is actively exploited in the wild and affects a widely deployed browser platform, we are providing this in-depth information.
History: Google disclosed this vulnerability in March 2026 as part of an emergency Chrome security update addressing zero-day vulnerabilities affecting the Skia graphics engine. The CVSS v3.x base score is 8.8 (High).
Affected Versions

  *   Google Chrome versions prior to 146.0.7680.75
  *   Chromium-based browsers using vulnerable Skia builds prior to vendor patches

Fixed Versions

  *   Google Chrome 146.0.7680.75
  *   Google Chrome 146.0.7680.76 and later
  *   Vendor patched Chromium derivatives released after March 2026
An out-of-bounds write vulnerability exists in the Skia graphics library used by Google Chrome. A remote attacker could exploit this flaw by convincing a victim to visit a specially crafted web page, which may trigger memory corruption during graphics rendering.
Vendor Advisory: Chrome Stable Channel Update <https://chromereleases.googleblog.com/>
Intelligence: On March 13, 2026, CISA added the vulnerability to its Known Exploited Vulnerabilities Catalog.
Exploitability Level: Low complexity, local exploitability
Complexity: Low
User Interaction: Required
Remotely Exploitable: No
Proof of Concept: Limited public technical details due to active exploitation
Zero Day: Yes
Workarounds: There are no reliable workarounds; patching is the only effective mitigation. Restrict access to untrusted websites until updates are applied.
How it Works: The vulnerability occurs when Skia processes specially crafted graphical content embedded in a web page. Improper bounds checking may allow a write operation outside of allocated memory, leading to memory corruption within the Chrome renderer process.
Post-Exploit Impact:

  *   Remote code execution within the browser sandbox (CWE-787)
  *   Memory corruption potentially enabling further exploitation (CWE-119)
Indicators of Compromise (IoCs):
Type    | Value                                                 | Description / Notes
Network | Malicious webpage delivering crafted graphics payload | Used to trigger Skia memory corruption during rendering


Tenable Plugins:
Plugin ID                                                 | Plugin Title                                                                  | Severity | Platform
302167 <https://www.tenable.com/plugins/nessus/302167>    | Linux Distros Unpatched Vulnerability : CVE-2026-3909                          | High     | Nessus
302241 <https://www.tenable.com/plugins/nessus/302241>    | Google Chrome < 146.0.7680.80 Vulnerability                                    | High     | Nessus
302242 <https://www.tenable.com/plugins/nessus/302242>    | Google Chrome < 146.0.7680.80 Vulnerability                                    | High     | Nessus
302369 <https://www.tenable.com/plugins/nessus/302369>    | FreeBSD : chromium -- security fixes (26776062-fd24-4c2f-bf6c-7f231948ab19)    | High     | Nessus
302370 <https://www.tenable.com/plugins/nessus/302370>    | FreeBSD : chromium -- security fix (73eeb578-fd13-4d79-b50b-ed25c3614528)      | High     | Nessus
302497 <https://www.tenable.com/plugins/nessus/302497>    | Debian dsa-6165 : chromium - security update                                   | High     | Nessus
Recommended Actions:
Date Added to KEV Catalog: 03/13/2026
Due Date for Remediation: 03/27/2026

  *   Immediately update Google Chrome to version 146.0.7680.75 or later.
  *   Ensure automatic browser updates are enabled across all enterprise endpoints.
  *   Verify the host has not been compromised before applying patches.
  *   Apply appropriate updates provided by the vendor to vulnerable systems after testing.
  *   Run all software as a non-privileged user to reduce the impact of a successful attack.
  *   Apply the Principle of Least Privilege to all systems and services.
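As an added example (not part of this advisory and not Google's or Tenable's code), the following helper triages an endpoint inventory against the fixed build 146.0.7680.75 named above. It compares versions component by component as integers, because a plain string comparison would wrongly rank 146.0.7680.9 above 146.0.7680.75. The inventory lines are constructed sample data in the form "<hostname> <output of google-chrome --version>".

```python
import re

# Fixed build named in the advisory; any older build is treated as vulnerable.
FIXED_VERSION = "146.0.7680.75"

# Constructed sample inventory: "<hostname> <output of `google-chrome --version`>".
SAMPLE_INVENTORY = """\
ws-001 Google Chrome 146.0.7680.75
ws-002 Google Chrome 146.0.7680.9
ws-003 Google Chrome 145.0.7632.118
ws-004 Google Chrome 146.0.7680.76
ws-005 Chromium 146.0.7680.80
ws-006 Google Chrome unknown
"""

# Chrome reports a four-component dotted version (major.minor.build.patch).
VERSION_RE = re.compile(r"(\d+(?:\.\d+){3})")


def parse_version(text: str):
    """Return the first four-part dotted version in text as a tuple of ints, or None."""
    match = VERSION_RE.search(text)
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def is_vulnerable(version_text: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the reported build is older than the fixed build (numeric, component-wise)."""
    found = parse_version(version_text)
    if found is None:
        # Unparseable version: flag it so the host is investigated rather than silently skipped.
        return True
    return found < parse_version(fixed)


def triage_inventory(inventory: str, fixed: str = FIXED_VERSION) -> dict:
    """Map hostname -> 'vulnerable' or 'patched' for each non-empty inventory line."""
    result = {}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, _, version_text = line.partition(" ")
        result[host] = "vulnerable" if is_vulnerable(version_text, fixed) else "patched"
    return result


if __name__ == "__main__":
    for host, state in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {state}")
```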

Cyber Security Services
State of Oregon Cyber Security Services
Enterprise Information Services | SOC
Cyber Security Services (CSS)
SOC Hotline: (503) 378-5930 | SOC Services (503) 373-0378


