CVE-2026-3929 — Improper Protection of Physical Side Channels in Google Chrome

CWE-1300 — Improper Protection of Physical Side Channels9 documents9 sources

Severity

3.1LOWNVD

EPSS

0.0%

top 90.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium

Timeline

PublishedMar 11

Latest updateMar 24

Description

Side-channel information leakage in ResourceTiming in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 1.6 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5google/chrome146.0.7680.71 — 146.0.7680.71

▶NVDgoogle/chrome< 146.0.7680.71

▶Debianchromium/chromium< 146.0.7680.71-1~deb12u1+2

🔴Vulnerability Details

GHSA

GHSA-6j39-2hhh-v6j9: Side-channel information leakage in ResourceTiming in Google Chrome prior to 146↗2026-03-12

▶

CVEList

CVE-2026-3929: Side-channel information leakage in ResourceTiming in Google Chrome prior to 146↗2026-03-11

▶

OSV

CVE-2026-3929: Side-channel information leakage in ResourceTiming in Google Chrome prior to 146↗2026-03-11

▶

📋Vendor Advisories

Chrome

Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2026-3929↗2026-03-24

▶

Microsoft

Chromium: CVE-2026-3929 Side-channel information leakage in ResourceTiming↗2026-03-10

▶

Red Hat

chromium-browser: Side-channel information leakage in ResourceTiming↗2026-03-10

▶

Debian

CVE-2026-3929: chromium - Side-channel information leakage in ResourceTiming in Google Chrome prior to 146...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-3929 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶