CVE-2026-3909
actively exploitedOut of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) rdintel-analysis
8.8
cvss
high
common vulnerability scoring system v3.1. measures intrinsic severity on a 0-10 scale.
epss
0.0052
kev
yes
cisa known exploited vulnerabilities catalog. confirmed active exploitation.
rdintel-analysisseverity and description assessed by rdintel before official nvd publication.
CVSS 3.1
Common Vulnerability Scoring System v3.1
8.8
/ 10
HIGH
exploitability
Attack Vector
Network
Attack Vector (AV:N): exploitable remotely over the network — most dangerous. no physical or adjacent access needed.
Attack Complexity
Low
Attack Complexity (AC:L): no special conditions needed. attack can be reliably reproduced.
Privileges Required
None
Privileges Required (PR:N): no authentication needed. any anonymous attacker can exploit this.
User Interaction
Required
User Interaction (UI:R): victim must perform some action (e.g. clicking a link, opening a file).
impact
Scope
Unchanged
Scope (S:U): impact limited to the vulnerable component.
Confidentiality
High
Confidentiality (C:H): total information disclosure. attacker gains access to all data within the component.
Integrity
High
Integrity (I:H): complete data modification possible. attacker can modify any data.
Availability
High
Availability (A:H): total denial of service. attacker can fully shut down the resource.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
activity density
rdintel assessment
actively exploited. patch immediately.
composite score from 15+ signals including exploitation status, epss probability, detection coverage, and community attention. 0-100 scale.
sign in to view full intelligence
pocs, detection rules, timeline, advisories, and more