Impact
A use‑after‑free defect exists in the Network layer of Google Chrome versions prior to 149.0.7827.53. Malicious packets can corrupt heap memory, leading to application crashes or other unstable behaviour. Because the CVE description does not explicitly state that code execution or data disclosure is possible, the confirmed impact is limited to loss of availability or stability unless further exploitation is achieved. Given the nature of use‑after‑free bugs, it is inferred that an attacker could potentially leverage the corruption for more severe outcomes if additional vulnerabilities are present, but such behaviour is not confirmed in the current data.
Affected Systems
The affected product is Google Chrome for desktop platforms. Any Chrome installation older than 149.0.7827.53 is vulnerable, regardless of operating system. No further details on specific builds or OS versions are included in the CVE record.
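The advisory's affected-version statement is a plain "older than 149.0.7827.53" rule, but Chrome versions have four dotted components and must be compared numerically rather than as strings (as strings, "149.0.7827.9" sorts after "149.0.7827.53"). The following is an added example, not part of the OpenCVE record or of Chrome, showing how a defender can parse a version banner and apply that rule; the fixed version comes from the advisory, the banner format "Google Chrome <version>" is assumed from the `--version` output of the desktop binary, and the sample inputs are constructed.

```python
"""Added example: decide whether an installed Chrome build is older than the
fixed release named in the advisory. Only the fixed version string comes from
the advisory; the banner format and sample inputs below are assumptions."""
import re
from typing import Optional, Tuple

# First fixed release according to the advisory.
FIXED_VERSION = "149.0.7827.53"

# Matches a dotted version with 2 to 4 numeric components, e.g. "149.0.7827.53".
_VERSION_RE = re.compile(r"\b(\d+(?:\.\d+){1,3})\b")


def parse_version(version: str) -> Tuple[int, int, int, int]:
    """Turn '149.0.7827.53' into (149, 0, 7827, 53).

    Missing trailing components are padded with zeros so that '149.0' compares
    as (149, 0, 0, 0). Comparing tuples of ints avoids the lexicographic trap
    where '149.0.7827.9' > '149.0.7827.53' as strings.
    """
    parts = version.strip().split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed Chrome version: {version!r}")
    numbers = [int(p) for p in parts] + [0] * (4 - len(parts))
    return numbers[0], numbers[1], numbers[2], numbers[3]


def extract_version(banner: str) -> Optional[str]:
    """Pull the version out of text such as 'Google Chrome 149.0.7827.53'
    (assumed banner format). Returns None when no version is present."""
    match = _VERSION_RE.search(banner)
    return match.group(1) if match else None


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed build is strictly older than the fixed build."""
    return parse_version(installed) < parse_version(fixed)


def triage_banner(banner: str) -> str:
    """Classify one version banner for an inventory sweep."""
    version = extract_version(banner)
    if version is None:
        return "unknown"
    return "vulnerable" if is_vulnerable(version) else "fixed"


if __name__ == "__main__":
    # Constructed sample banners, not real inventory data.
    samples = [
        "Google Chrome 149.0.7827.9",
        "Google Chrome 149.0.7827.53",
        "Google Chrome 148.0.9999.99",
        "Google Chrome 150.0.1.2",
        "no version here",
    ]
    for line in samples:
        print(f"{line!r}: {triage_banner(line)}")
```

The `triage_banner` helper is the piece to wire into an endpoint inventory script: feed it each host's `--version` output and act on the "vulnerable" results. Note that the check says nothing about exploitability; it only applies the version boundary the advisory states.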
Risk and Exploitability
The CVSS score of 8.8 classifies this flaw as high severity. The EPSS value of less than 1% indicates a very low current exploitation probability, and the vulnerability is not listed in the CISA KEV catalog, suggesting limited active use. The likely attack vector is network‑based; a remote attacker can send crafted HTTP or HTTPS traffic to a Chrome instance to trigger the heap corruption without user interaction. Because the description states that malicious network traffic can cause the defect, it is inferred that the vulnerability can be exercised remotely. Consequently, the flaw is high severity but currently has a low probability of exploitation.
OpenCVE Enrichment