An out‑of‑bounds memory read has been identified in ANGLE, the graphics abstraction layer used by Google Chrome on macOS, prior to version 149.0.7827.53. The flaw allows a remote attacker, by serving a crafted HTML page, to read arbitrary data from the process address space. While the vulnerability does not provide direct code execution, the ability to read privileged memory can lead to leakage of sensitive information such as credentials or cryptographic material. The weakness is classified as CWE‑125, indicating an array bounds missing boundary check. The description lists the severity as High, reflecting the potential impact on confidentiality.

The affected product is Google Chrome for macOS. Versions less than 149.0.7827.53 are impacted. The advisory does not quantify earlier versions; users should assume all prior releases carry the vulnerability until updates are applied. Vendors other than Google are not mentioned, and the CWE list confirms a single specific weakness in the ANGLE component.

The CVSS score is 8.1, and the EPSS score is < 1%. The vulnerability is listed outside of the CISA KEV catalog, so no widely known exploits have been reported at the time of this analysis. Based on the description, the likely attack vector is a remote, web‑based attack where an adversary hosts a malicious webpage and lures a user to visit it. Given the nature of the flaw, exploitation requires only standard browsing behavior, making the risk of compromise significant for users who frequently visit untrusted sites.