Impact
A heap buffer overflow exists in the WebRTC component of Google Chrome on Windows. An attacker can trigger the flaw by delivering a specially crafted HTML page, causing Chrome to read or write heap memory outside the intended bounds of an allocation and execute arbitrary code. Chromium's own security rating classifies the vulnerability as high severity, reflecting its potential to compromise the confidentiality, integrity, and availability of the affected system.
Affected Systems
The issue affects Google Chrome on Windows in versions earlier than 149.0.7827.155. Any Chrome installation on Windows that has not yet applied the latest update remains vulnerable. The CNA vendor product "Google:Chrome" is the sole affected product.
Risk and Exploitability
The EPSS score is reported as less than 1%, indicating a very low probability of exploitation in the wild at the time of this analysis, and the vulnerability is not listed in CISA's KEV catalog. Despite the low probability, the nature of the flaw, remote code execution via a crafted HTML page, makes it highly dangerous if leveraged. Attackers would most likely reach users by serving malicious web content, for example from a compromised website or in a drive-by download scenario. No exploits are publicly available at present, but the high severity and remote exploitability warrant immediate attention.
OpenCVE Enrichment