Cyber Resilience

CVE-2026-3924

High

Published: 11 March 2026

Published
11 March 2026
Modified
13 March 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0015 35.1th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-3924 is a high-severity Use After Free (CWE-416) vulnerability in Google Chrome. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 35.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-3924 is a use-after-free vulnerability (CWE-416) in the WindowDialog component of Google Chrome versions prior to 146.0.7680.71. This flaw affects the Chromium-based browser's renderer process, where memory is accessed after it has been freed, potentially leading to arbitrary code execution within the compromised process. The issue carries a CVSS v3.1 base score of 7.5 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) and is rated High severity by Chromium security standards.

A remote attacker who has already compromised the renderer process—typically through another vulnerability or user interaction—can exploit this bug via a crafted HTML page to achieve a sandbox escape. Exploitation requires network access, high attack complexity, no privileges, and user interaction (such as visiting a malicious site), but successful compromise grants high impacts on confidentiality, integrity, and availability with unchanged scope.

Mitigation is available through the stable channel update for Google Chrome desktop, detailed in the Chrome Releases blog at https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html, which patches the issue in version 146.0.7680.71 and later. Additional technical details and the fix are tracked in the Chromium issue at https://issues.chromium.org/issues/487338366; users should update to the latest version promptly to prevent exploitation.

EU & UK References

Vulnerability details

use after free in WindowDialog in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1189 Drive-by Compromise Initial Access
Adversaries may gain access to a system through a user visiting a website over the normal course of browsing.
T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Use-after-free in Chrome renderer enables sandbox escape + arbitrary code execution via crafted HTML (drive-by), directly supporting client exploitation (T1203), drive-by compromise (T1189), and privilege escalation out of the sandbox (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-6297Same product: Apple Macos
CVE-2026-8515Same product: Apple Macos
CVE-2026-8511Same product: Apple Macos
CVE-2025-13633Same product: Apple Macos
CVE-2026-7908Same product: Apple Macos
CVE-2026-3918Same product: Apple Macos
CVE-2026-5877Same product: Apple Macos
CVE-2025-10501Same product: Apple Macos
CVE-2026-9978Same product: Apple Macos
CVE-2026-6302Same product: Apple Macos

Affected Assets

google
chrome
≤ 146.0.7680.71

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely remediation of flaws, directly addressing the use-after-free vulnerability through Chrome patching to version 146.0.7680.71 or later.

prevent

Implements memory protection mechanisms such as ASLR and DEP that directly mitigate use-after-free exploits in the renderer process.

prevent

Enforces process isolation in the renderer sandbox to limit the scope and impact of potential sandbox escapes triggered by the use-after-free.

References