Chrome <145.0.7632.159 Skia Integer Overflow OOB Memory Access
CVE-2026-3538 Published on March 4, 2026

Integer overflow in Skia in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)

NVD

Weakness Type

What is an Assumed-Immutable Parameter Tampering Vulnerability?

The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields.

CVE-2026-3538 has been classified to as an Assumed-Immutable Parameter Tampering vulnerability or weakness.

Products Associated with CVE-2026-3538

Want to know whenever a new CVE is published for Google Chrome? stack.watch will email you.

Google Chrome

Affected Versions

Google Chrome:

Version 145.0.7632.159 and below 145.0.7632.159 is affected.

Chrome <145.0.7632.159 Skia Integer Overflow OOB Memory AccessCVE-2026-3538 Published on March 4, 2026

Weakness Type

What is an Assumed-Immutable Parameter Tampering Vulnerability?

Products Associated with CVE-2026-3538

Affected Versions

Chrome <145.0.7632.159 Skia Integer Overflow OOB Memory Access
CVE-2026-3538 Published on March 4, 2026