CVE-2026-3916
Published: 11 March 2026
Summary
CVE-2026-3916 is a critical-severity Out-of-bounds Read (CWE-125) vulnerability in Google Chrome. Its CVSS base score is 9.6 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Drive-by Compromise (T1189). The vulnerability ranks in the 27.2nd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Timely flaw remediation requires updating Google Chrome to version 146.0.7680.71 or later, directly eliminating the out-of-bounds read vulnerability in the Web Speech component.
Vulnerability scanning identifies deployments of vulnerable Chrome versions prior to 146.0.7680.71 affected by CVE-2026-3916.
Memory protection mechanisms like ASLR and DEP minimize the exploitability of the out-of-bounds read vulnerability even in unpatched Chrome instances.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The out-of-bounds read in Chrome Web Speech enables drive-by compromise via a malicious site (T1189), direct client-side exploitation for execution (T1203), and sandbox escape for privilege escalation (T1068), leading to arbitrary code execution (ACE).
NVD Description
Out of bounds read in Web Speech in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Deeper analysis
CVE-2026-3916 is an out-of-bounds read vulnerability (CWE-125) in the Web Speech component of Google Chrome versions prior to 146.0.7680.71. This flaw affects the browser's implementation of the Web Speech API, which enables voice data processing for features like speech recognition and synthesis. Chromium security rated it as High severity, with a CVSS v3.1 base score of 9.6 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H), highlighting its potential for severe impact due to changed scope and high confidentiality, integrity, and availability consequences.
A remote attacker can exploit this vulnerability by tricking a user into visiting a malicious website containing a crafted HTML page. The out-of-bounds read occurs during Web Speech processing, potentially allowing a sandbox escape. The attacker needs no privileges on the target, but user interaction is necessary to load the page. Successful exploitation could let the attacker escape the browser sandbox and gain elevated privileges, enabling arbitrary code execution with high-impact effects on the victim's system.
Google's stable channel update, detailed in the Chrome Releases blog at https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html, addresses this issue in version 146.0.7680.71 and later. The Chromium bug tracker entry at https://issues.chromium.org/issues/482828615 provides further technical details on the fix. Security practitioners should prioritize updating affected Chrome installations to mitigate the risk of sandbox escape.
Details
- CWE(s)