Chrome <146.0.7680.71 ResourceTiming Side-Channel Leak (CVE-2026-3929): CVE-2026-3929 March 2026

Side-channel information leakage in ResourceTiming in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Vulnerability Analysis

CVE-2026-3929 can be exploited with network access, requires user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.

Attack Vector:

NETWORK

Attack Complexity:

HIGH

Privileges Required:

NONE

User Interaction:

REQUIRED

Scope:

UNCHANGED

Confidentiality Impact:

LOW

Integrity Impact:

NONE

Availability Impact:

NONE

Weakness Type

Improper Protection Against Physical Side Channels

The product is missing protections or implements insufficient protections against information leakage through physical channels such as power consumption, electromagnetic emissions (EME), acoustic emissions, or other physical attributes.

Products Associated with CVE-2026-3929

Want to know whenever a new CVE is published for Google Chrome? stack.watch will email you.

Chrome <146.0.7680.71 ResourceTiming Side-Channel Leak (CVE-2026-3929)
CVE-2026-3929 Published on March 11, 2026

Vulnerability Analysis

Weakness Type

Improper Protection Against Physical Side Channels

Products Associated with CVE-2026-3929

Affected Versions

Chrome <146.0.7680.71 ResourceTiming Side-Channel Leak (CVE-2026-3929)CVE-2026-3929 Published on March 11, 2026

Vulnerability Analysis

Weakness Type

Improper Protection Against Physical Side Channels

Products Associated with CVE-2026-3929

Affected Versions

Chrome <146.0.7680.71 ResourceTiming Side-Channel Leak (CVE-2026-3929)
CVE-2026-3929 Published on March 11, 2026