{"dataType": "CVE_RECORD", "containers": {"adp": [{"metrics": [{"other": {"type": "Unknown", "content": {"data": "{\"description\":\"not yet assigned\"}"}}}], "affected": [{"vendor": "debian", "product": "chromium", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "chromium-common", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "chromium-common-dbgsym", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "chromium-dbgsym", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "chromium-driver", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "chromium-l10n", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "chromium-sandbox", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "chromium-sandbox-dbgsym", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "chromium-shell", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "chromium-shell-dbgsym", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "chromium", "versions": [{"status": "affected", "version": "0", "lessThan": "146.0.7680.71-1~deb12u1", "versionType": "deb"}], "platforms": ["bookworm"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "chromium-common", "versions": [{"status": "affected", "version": "0", "lessThan": "146.0.7680.71-1~deb12u1", "versionType": "deb"}], "platforms": ["bookworm"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "chromium-common-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "146.0.7680.71-1~deb12u1", "versionType": "deb"}], "platforms": ["bookworm"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "chromium-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "146.0.7680.71-1~deb12u1", "versionType": "deb"}], "platforms": ["bookworm"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "chromium-driver", "versions": [{"status": "affected", "version": "0", "lessThan": "146.0.7680.71-1~deb12u1", "versionType": "deb"}], "platforms": ["bookworm"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "chromium-headless-shell", "versions": [{"status": "affected", "version": "0", "lessThan": "146.0.7680.71-1~deb12u1", "versionType": "deb"}], "platforms": ["bookworm"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "chromium-headless-shell-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "146.0.7680.71-1~deb12u1", "versionType": "deb"}], "platforms": ["bookworm"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "chromium-l10n", "versions": [{"status": "affected", "version": "0", "lessThan": "146.0.7680.71-1~deb12u1", "versionType": "deb"}], "platforms": ["bookworm"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "chromium-sandbox", "versions": [{"status": "affected", "version": "0", "lessThan": "146.0.7680.71-1~deb12u1", "versionType": "deb"}], "platforms": ["bookworm"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "chromium-sandbox-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "146.0.7680.71-1~deb12u1", "versionType": "deb"}], "platforms": ["bookworm"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "chromium-shell", "versions": [{"status": "affected", "version": "0", "lessThan": "146.0.7680.71-1~deb12u1", "versionType": "deb"}], "platforms": ["bookworm"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "chromium-shell-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "146.0.7680.71-1~deb12u1", "versionType": "deb"}], "platforms": ["bookworm"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "chromium-l10n", "versions": [{"status": "affected", "version": "0", "lessThan": "146.0.7680.71-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "chromium", "versions": [{"status": "affected", "version": "0", "lessThan": "146.0.7680.71-1~deb13u1", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "chromium-common", "versions": [{"status": "affected", "version": "0", "lessThan": "146.0.7680.71-1~deb13u1", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "chromium-common-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "146.0.7680.71-1~deb13u1", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "chromium-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "146.0.7680.71-1~deb13u1", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "chromium-driver", "versions": [{"status": "affected", "version": "0", "lessThan": "146.0.7680.71-1~deb13u1", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "chromium-headless-shell", "versions": [{"status": "affected", "version": "0", "lessThan": "146.0.7680.71-1~deb13u1", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "chromium-headless-shell-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "146.0.7680.71-1~deb13u1", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "chromium-l10n", "versions": [{"status": "affected", "version": "0", "lessThan": "146.0.7680.71-1~deb13u1", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "chromium-sandbox", "versions": [{"status": "affected", "version": "0", "lessThan": "146.0.7680.71-1~deb13u1", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "chromium-sandbox-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "146.0.7680.71-1~deb13u1", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "chromium-shell", "versions": [{"status": "affected", "version": "0", "lessThan": "146.0.7680.71-1~deb13u1", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "chromium-shell-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "146.0.7680.71-1~deb13u1", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}], "references": [{"url": "https://security-tracker.debian.org/tracker/CVE-2026-3916"}], "descriptions": [{"lang": "en", "value": "Out of bounds read in Web Speech in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"}], "providerMetadata": {"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian", "dateUpdated": "2026-03-12T00:00:00.000Z", "x_subShortName": "debian"}}, {"metrics": [{"other": {"type": "Unknown", "content": {"data": "{\"description\":\"high\"}"}}}], "affected": [{"vendor": "fedora", "product": "cef", "versions": [{"status": "affected", "version": "0", "lessThan": "0:146.0.9^chromium146.0.7680.164-1.fc42", "versionType": "rpm"}], "platforms": ["cpe:/o:fedoraproject:fedora:42"], "defaultStatus": "unaffected"}, {"vendor": "fedora", "product": "chromium", "versions": [{"status": "affected", "version": "0", "lessThan": "0:146.0.7680.71-1.fc42", "versionType": "rpm"}], "platforms": ["cpe:/o:fedoraproject:fedora:42"], "defaultStatus": "unaffected"}, {"vendor": "fedora", "product": "cef", "versions": [{"status": "affected", "version": "0", "lessThan": "0:146.0.9^chromium146.0.7680.164-1.fc43", "versionType": "rpm"}], "platforms": ["cpe:/o:fedoraproject:fedora:43"], "defaultStatus": "unaffected"}, {"vendor": "fedora", "product": "chromium", "versions": [{"status": "affected", "version": "0", "lessThan": "0:146.0.7680.71-1.fc43", "versionType": "rpm"}], "platforms": ["cpe:/o:fedoraproject:fedora:43"], "defaultStatus": "unaffected"}, {"vendor": "fedora", "product": "chromium", "versions": [{"status": "affected", "version": "0", "lessThan": "0:146.0.7680.71-1.fc44", "versionType": "rpm"}], "platforms": ["cpe:/o:fedoraproject:fedora:44"], "defaultStatus": "unaffected"}], "references": [{"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-0dc0c88f83"}, {"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-6188cc51be"}, {"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-6e868c481c"}, {"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-a67eba175f"}, {"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-e71e71d1fe"}], "descriptions": [{"lang": "en", "value": "Update to 146.0.7680.71\n\n      * CVE-2026-3913: Heap buffer overflow in WebML\n      * CVE-2026-3914: Integer overflow in WebML\n      * CVE-2026-3915: Heap buffer overflow in WebML\n      * CVE-2026-3916: Out of bounds read in Web Speech\n      * CVE-2026-3917: Use after free in Agents\n      * CVE-2026-3918: Use after free in WebMCP\n      * CVE-2026-3919: Use after free in Extensions\n      * CVE-2026-3920: Out of bounds memory access in WebML\n      * CVE-2026-3921: Use after free in TextEncoding\n      * CVE-2026-3922: Use after free in MediaStream\n      * CVE-2026-3923: Use after free in WebMIDI\n      * CVE-2026-3924: Use after free in WindowDialog\n      * CVE-2026-3925: Incorrect security UI in LookalikeChecks\n      * CVE-2026-3926: Out of bounds read in V8\n      * CVE-2026-3927: Incorrect security UI in PictureInPicture\n      * CVE-2026-3928: Insufficient policy enforcement in Extensions\n      * CVE-2026-3929: Side-channel information leakage in ResourceTiming\n      * CVE-2026-3930: Unsafe navigation in Navigation\n      * CVE-2026-3931: Heap buffer overflow in Skia\n      * CVE-2026-3932: Insufficient policy enforcement in PDF\n      * CVE-2026-3934: Insufficient policy enforcement in ChromeDriver\n      * CVE-2026-3935: Incorrect security UI in WebAppInstalls\n      * CVE-2026-3936: Use after free in WebView\n      * CVE-2026-3937: Incorrect security UI in Downloads\n      * CVE-2026-3938: Insufficient policy enforcement in Clipboard\n      * CVE-2026-3939: Insufficient policy enforcement in PDF\n      * CVE-2026-3940: Insufficient policy enforcement in DevTools\n      * CVE-2026-3941: Insufficient policy enforcement in DevTools\n      * CVE-2026-3942: Incorrect security UI in PictureInPicture\n"}, {"lang": "en", "value": "Update to 146.0.7680.71\n\n  * CVE-2026-3913: Heap buffer overflow in WebML\n  * CVE-2026-3914: Integer overflow in WebML\n  * CVE-2026-3915: Heap buffer overflow in WebML\n  * CVE-2026-3916: Out of bounds read in Web Speech\n  * CVE-2026-3917: Use after free in Agents\n  * CVE-2026-3918: Use after free in WebMCP\n  * CVE-2026-3919: Use after free in Extensions\n  * CVE-2026-3920: Out of bounds memory access in WebML\n  * CVE-2026-3921: Use after free in TextEncoding\n  * CVE-2026-3922: Use after free in MediaStream\n  * CVE-2026-3923: Use after free in WebMIDI\n  * CVE-2026-3924: Use after free in WindowDialog\n  * CVE-2026-3925: Incorrect security UI in LookalikeChecks\n  * CVE-2026-3926: Out of bounds read in V8\n  * CVE-2026-3927: Incorrect security UI in PictureInPicture\n  * CVE-2026-3928: Insufficient policy enforcement in Extensions\n  * CVE-2026-3929: Side-channel information leakage in ResourceTiming\n  * CVE-2026-3930: Unsafe navigation in Navigation\n  * CVE-2026-3931: Heap buffer overflow in Skia\n  * CVE-2026-3932: Insufficient policy enforcement in PDF\n  * CVE-2026-3934: Insufficient policy enforcement in ChromeDriver\n  * CVE-2026-3935: Incorrect security UI in WebAppInstalls\n  * CVE-2026-3936: Use after free in WebView\n  * CVE-2026-3937: Incorrect security UI in Downloads\n  * CVE-2026-3938: Insufficient policy enforcement in Clipboard\n  * CVE-2026-3939: Insufficient policy enforcement in PDF\n  * CVE-2026-3940: Insufficient policy enforcement in DevTools\n  * CVE-2026-3941: Insufficient policy enforcement in DevTools\n  * CVE-2026-3942: Incorrect security UI in PictureInPicture\n"}, {"lang": "en", "value": "Update to cef-146.0.9+g3ca6a87 + chromium 146.0.7680.164\n\n* High CVE-2026-4673: Heap buffer overflow in WebAudio\n* High CVE-2026-4674: Out of bounds read in CSS\n* High CVE-2026-4675: Heap buffer overflow in WebGL\n* High CVE-2026-4676: Use after free in Dawn\n* High CVE-2026-4677: Out of bounds read in WebAudio\n* High CVE-2026-4678: Use after free in WebGPU\n* High CVE-2026-4679: Integer overflow in Fonts\n* High CVE-2026-4680: Use after free in FedCM\n* CVE-2026-4439: Out of bounds memory access in WebGL\n* CVE-2026-4440: Out of bounds read and write in WebGL\n* CVE-2026-4441: Use after free in Base\n* CVE-2026-4442: Heap buffer overflow in CSS\n* CVE-2026-4443: Heap buffer overflow in WebAudio\n* CVE-2026-4444: Stack buffer overflow in WebRTC\n* CVE-2026-4445: Use after free in WebRTC\n* CVE-2026-4446: Use after free in WebRTC\n* CVE-2026-4447: Inappropriate implementation in V8\n* CVE-2026-4448: Heap buffer overflow in ANGLE\n* CVE-2026-4449: Use after free in Blink\n* CVE-2026-4450: Out of bounds write in V8\n* CVE-2026-4451: Insufficient validation of untrusted input in Navigation\n* CVE-2026-4452: Integer overflow in ANGLE\n* CVE-2026-4453: Integer overflow in Dawn\n* CVE-2026-4454: Use after free in Network\n* CVE-2026-4455: Heap buffer overflow in PDFium\n* CVE-2026-4456: Use after free in Digital Credentials API\n* CVE-2026-4457: Type Confusion in V8\n* CVE-2026-4458: Use after free in Extensions\n* CVE-2026-4459: Out of bounds read and write in WebAudio\n* CVE-2026-4460: Out of bounds read in Skia\n* CVE-2026-4461: Inappropriate implementation in V8\n* CVE-2026-4462: Out of bounds read in Blink\n* CVE-2026-4463: Heap buffer overflow in WebRTC\n* CVE-2026-4464: Integer overflow in ANGLE\n* CVE-2026-3909: Out of bounds write in Ski\n* CVE-2026-3909: Out of bounds write in Skia\n* CVE-2026-3910: Inappropriate implementation in V8\n* CVE-2026-3913: Heap buffer overflow in WebML\n* CVE-2026-3914: Integer overflow in WebML\n* CVE-2026-3915: Heap buffer overflow in WebML\n* CVE-2026-3916: Out of bounds read in Web Speech\n* CVE-2026-3917: Use after free in Agents\n* CVE-2026-3909: Out of bounds write in Skia\n* CVE-2026-3910: Inappropriate implementation in V8\n* CVE-2026-3913: Heap buffer overflow in WebML\n* CVE-2026-3914: Integer overflow in WebML\n* CVE-2026-3915: Heap buffer overflow in WebML\n* CVE-2026-3916: Out of bounds read in Web Speech\n* CVE-2026-3917: Use after free in Agents\n* CVE-2026-3918: Use after free in WebMCP\n* CVE-2026-3919: Use after free in Extensions\n* CVE-2026-3920: Out of bounds memory access in WebML\n* CVE-2026-3921: Use after free in TextEncoding\n* CVE-2026-3922: Use after free in MediaStream\n* CVE-2026-3923: Use after free in WebMIDI\n* CVE-2026-3924: Use after free in WindowDialog\n* CVE-2026-3925: Incorrect security UI in LookalikeChecks\n* CVE-2026-3926: Out of bounds read in V8\n* CVE-2026-3927: Incorrect security UI in PictureInPicture\n* CVE-2026-3928: Insufficient policy enforcement in Extensions\n* CVE-2026-3929: Side-channel information leakage in ResourceTiming\n* CVE-2026-3930: Unsafe navigation in Navigation\n* CVE-2026-3931: Heap buffer overflow in Skia\n* CVE-2026-3932: Insufficient policy enforcement in PDF\n* CVE-2026-3934: Insufficient policy enforcement in ChromeDriver\n* CVE-2026-3935: Incorrect security UI in WebAppInstalls\n* CVE-2026-3936: Use after free in WebView\n* CVE-2026-3937: Incorrect security UI in Downloads\n* CVE-2026-3938: Insufficient policy enforcement in Clipboard\n* CVE-2026-3939: Insufficient policy enforcement in PDF\n* CVE-2026-3940: Insufficient policy enforcement in DevTools\n* CVE-2026-3941: Insufficient policy enforcement in DevTools\n* CVE-2026-3942: Incorrect security UI in PictureInPicture"}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2026-03-14T00:15:28Z", "x_subShortName": "fedora"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.6, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"], "vendor": "google", "product": "chrome", "versions": [{"status": "affected", "version": "0", "lessThan": "146.0.7680.71", "versionType": "custom"}], "platforms": ["arch", "bionic", "bookworm", "bullseye", "buster", "cpe:2.3:o:almalinux:almalinux:*:*:*:*:*:*:*:*", "cpe:2.3:o:amazon:amazon_linux:*:*:*:*:*:*:*:*", "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:*:*:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:linux:*:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:*:*:*:*:*:*:*:*", "cpe:2.3:o:rocky:rocky:*:*:*:*:*:*:*:*", "cpe:2.3:o:suse:sled:*:*:*:*:*:*:*:*", "cpe:2.3:o:suse:sles:*:*:*:*:*:*:*:*", "faye", "focal", "jammy", "jessie", "noble", "resolute", "sid", "stretch", "trixie", "trusty", "ulyana", "ulyssa", "uma", "una", "vanessa", "vera", "victoria", "virginia", "wilma", "xenial"], "defaultStatus": "unaffected"}], "references": [{"url": "https://issues.chromium.org/issues/482828615", "tags": ["permissions-required"]}, {"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html", "tags": ["release-notes", "vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "Out of bounds read in Web Speech in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"}, {"lang": "es", "value": "Lectura fuera de límites en Web Speech en Google Chrome anterior a 146.0.7680.71 permitió a un atacante remoto realizar potencialmente un escape de sandbox a través de una página HTML diseñada. (Gravedad de seguridad de Chromium: Alta)"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-125", "description": "CWE-125"}]}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000003", "shortName": "nvd", "dateUpdated": "2026-03-11T22:16:33Z", "x_subShortName": "nvd"}}}, "cveMetadata": {"cveId": "CVE-2026-3916", "state": "PUBLISHED", "dateUpdated": "2026-03-13T15:43:05Z", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "datePublished": "2026-03-11T22:16:33Z", "assignerShortName": "Chrome"}, "dataVersion": "5.0"}