wid-sec-w-2026-0702 · Published 2026-03-11 · View on BSI CERT-Bund ↗

Google Chrome and Microsoft Edge: Multiple Vulnerabilities

CVSS 9.6 CRITICAL

Risk Summary

Out of bounds read in Web Speech in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVEs (29)

CVE-2026-3913 CVE-2026-3914 CVE-2026-3915 CVE-2026-3916 CVE-2026-3917 CVE-2026-3918 CVE-2026-3919 CVE-2026-3920 CVE-2026-3921 CVE-2026-3922 CVE-2026-3923 CVE-2026-3924 CVE-2026-3925 CVE-2026-3926 CVE-2026-3927 CVE-2026-3928 CVE-2026-3929 CVE-2026-3930 CVE-2026-3931 CVE-2026-3932 CVE-2026-3934 CVE-2026-3935 CVE-2026-3936 CVE-2026-3937 CVE-2026-3938 CVE-2026-3939 CVE-2026-3940 CVE-2026-3941 CVE-2026-3942

Affected Vendors

Debian Fedora Google IGEL Microsoft SUSE

Affected Products (6)

Google · Chrome <146.0.7680.71

Google · Chrome 146.0.7680.71

Google · Chrome <146.0.7680.72

Google · Chrome 146.0.7680.72

Microsoft · Edge <146.0.3856.59

Microsoft · Edge 146.0.3856.59

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more