Integer overflow in Google Chrome WebML

Successful exploitation can cause heap corruption in Chrome and may enable further memory-corruption outcomes, including browser process compromise. The provided CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) indicates potential for high impact to confidentiality, integrity, and availability. The supporting content states that unpatched Chrome flaws in this release could allow arbitrary code execution, system compromise, or denial-of-service conditions, but for CVE-2026-3914 specifically the confirmed impact in the provided material is heap corruption via crafted HTML content.

If immediate patching is not possible, reduce exposure by limiting use of untrusted websites and web content, especially arbitrary or attacker-controlled HTML pages, since exploitation requires a victim to visit a crafted page. Use browser update enforcement through enterprise management where available, restrict execution contexts for high-risk browsing, and prioritize rapid rollout of the Chrome stable update. These are temporary risk-reduction measures only; vendor patching is the primary mitigation.

Upgrade Google Chrome to version 146.0.7680.71 or later. The provided content states the vulnerability affects Chrome versions prior to 146.0.7680.71 and that Google addressed it in the Chrome 146 stable channel release. Apply the vendor update on all affected Windows, macOS, and Linux systems and restart the browser to ensure the patched version is active.