Impact
This vulnerability is an out-of-bounds read in the VideoCapture feature of Google Chrome that allows a remote attacker who has already compromised the GPU process to read arbitrary memory in the process. The attacker can feed a specially crafted HTML page to trigger the memory read, potentially exposing sensitive data. It is classified as Memory Access Violation (CWE-125).
Affected Systems
Users running Google Chrome on any platform that enables GPU acceleration are potentially vulnerable, but the CVE payload does not specify which versions contain the flaw.
Risk and Exploitability
The exploit requires the attacker to first gain control of the GPU process, a step that is non‑trivial and may limit real‑world exploitation. No EPSS score is available, and the vulnerability is not listed in CISA's KEV catalog. Given its CVSS score of 5.3, it represents a medium‑severity risk that can lead to data leakage; administrators should address it promptly until patched.
OpenCVE Enrichment
Debian DSA