The flaw is an uninitialized-use bug in the media component of Google Chrome; it allows a remote attacker who has already compromised the renderer process to read memory from that process via a crafted HTML page. The bug fits CWE‑457 and its primary impact is leaking potentially sensitive data from renderer memory, which could be exploited in subsequent attacks. No code execution or privilege escalation is possible solely from this flaw, but data disclosure is a substantive risk.

Google Chrome versions before 149.0.7827.53 on all supported platforms (Windows, macOS, Linux). The vulnerability impacts only those installations where a renderer process has been compromised, so any user running an affected build and browsing malicious content is at risk.

Chromium classifies it as medium severity. The EPSS score is not available and it is not listed in the CISA KEV catalog, so no known widespread exploits are reported. However, the flaw can be exploited as soon as an attacker can inject code into a renderer; it represents a credible information‑disclosure risk especially in environments where websites can load malicious media. The lack of a current KEV listing suggests no active exploitation campaigns, but the theoretical exploitability remains.