Google Chrome 146 WebML Integer Overflow Caused by Crafted HTML Page
CVE-2026-3914 Published on March 11, 2026

Integer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

NVD

Weakness Type

What is an Assumed-Immutable Parameter Tampering Vulnerability?

The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields.

CVE-2026-3914 has been classified to as an Assumed-Immutable Parameter Tampering vulnerability or weakness.

Products Associated with CVE-2026-3914

Want to know whenever a new CVE is published for Google Chrome? stack.watch will email you.

Google Chrome

Affected Versions

Google Chrome:

Version 146.0.7680.71 and below 146.0.7680.71 is affected.

Google Chrome 146 WebML Integer Overflow Caused by Crafted HTML PageCVE-2026-3914 Published on March 11, 2026

Weakness Type

What is an Assumed-Immutable Parameter Tampering Vulnerability?

Products Associated with CVE-2026-3914

Affected Versions

Google Chrome 146 WebML Integer Overflow Caused by Crafted HTML Page
CVE-2026-3914 Published on March 11, 2026