CVE-2026-3909: Google Skia Out-of-Bounds Write Vulnerability. Google Skia

Google Skia Out-of-Bounds Write Vulnerability. Google Skia contains an out-of-bounds write vulnerability that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products.

• CISA KEV-listed (remediation due 2026-03-27)
• EPSS 0.5% (64.2% percentile)

Related briefings

• Google Patches Two Chrome Zero-Days Exploited in the Wild — Skia and V8 Under Active Attack 2026-03-15

Browse the CVE database

Read the full analysis on IntelFusions