CVE-2026-4439 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.8 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA-ADP	ADP	8.8 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
google	chrome	𝑥 < 146.0.7680.153

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

chromium

bookworm	vulnerable
bookworm (security)	146.0.7680.164-1~deb12u1 fixed
bullseye	vulnerable
bullseye (security)	vulnerable
forky	146.0.7680.153-1 fixed
sid	146.0.7680.164-1 fixed
trixie	vulnerable
trixie (security)	146.0.7680.164-1~deb13u1 fixed

Ubuntu Releases

Ubuntu Product

Codename

chromium-browser

jammy	not-affected
noble	not-affected
questing	not-affected

Common Weakness Enumeration

CWE-125 - Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.

Vulnerability Media Exposure

[GERMAN] Chrome: Google schließt 26 Sicherheitslücken im Webbrowser
Das in der Nacht zum Donnerstag veröffentlichte Chrome-Update schließt 26 Sicherheitslücken, darunter drei kritische.
Published: 2026-03-20T07:18:00+00:00
[ENGLISH] ⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More
Another week, another reminder that the internet is still a mess. Systems people thought were secure are being broken in simple ways, showing many still ignore basic advisories. This edition covers a mix of issues: supply chain attacks hitting CI/CD setups, long-abused IoT devices being shut down, and exploits moving quickly from disclosure to real attacks. There are also new malware tricks
Published: 2026-03-23T18:44:00+05:30

References

https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html

https://issues.chromium.org/issues/475877320