Impact
A use‑after‑free flaw exists in Google Chrome’s CSS engine. When the browser parses a specially crafted HTML page, it can corrupt data residing in heap memory. The CVE description states that this corruption could potentially be exploited for malicious purposes. The weakness is classified as CWE‑416, a deallocated memory access flaw that can lead to data integrity and confidentiality compromise if an attacker can control the corrupted data.
Affected Systems
Google Chrome versions prior to 145.0.7632.45 on all supported operating systems (Windows, macOS, Linux) are affected, because the vulnerable CSS engine is shared across platforms. No other vendors or products are reported to be impacted.
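A fleet check against the fixed version named above, as an added example that is not part of the original advisory. The hostnames and reported version strings in SAMPLE are constructed, and the function names are hypothetical; only the 145.0.7632.45 boundary comes from the text.

```python
import re

# Fixed version taken from the advisory text: builds before this are affected.
FIXED = (145, 0, 7632, 45)
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the four-part Chrome version found in text as a tuple, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text):
    """Return 'affected', 'fixed' or 'unknown' for one reported version string."""
    v = parse_version(text)
    if v is None:
        return "unknown"  # never count unparseable inventory data as patched
    # Tuple comparison is numeric per component, so 7632.9 sorts before
    # 7632.45 (a plain string comparison would get this wrong).
    return "affected" if v < FIXED else "fixed"


def triage(inventory):
    """Map host -> status for an iterable of (host, version string) pairs."""
    return {host: classify(ver) for host, ver in inventory}


# Constructed sample inventory (hostnames and version strings are made up).
SAMPLE = [
    ("ws-001", "Google Chrome 145.0.7632.45"),
    ("ws-002", "Google Chrome 145.0.7632.9"),
    ("ws-003", "144.0.7000.100"),
    ("ws-004", "Google Chrome 146.0.7000.1 beta"),
    ("ws-005", "not installed"),
]

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}\t{status}")
```

Hosts reported as "unknown" need a manual look, since a missing or malformed version string says nothing about patch state.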
Risk and Exploitability
The flaw carries a CVSS score of 8.8, placing it in the high‑severity range, while the EPSS score of 4% indicates a somewhat elevated likelihood of exploitation, though exploitation is still not common. The vulnerability is not listed in the CISA KEV catalog, suggesting no documented public exploitation. A remote attacker would need to entice a user to load a malicious HTML page, for example by serving it from a compromised or malicious website. Once the page is rendered, the use‑after‑free can trigger heap corruption that could lead to execution of malicious code. Based on the description, it is inferred that such a scenario would require the victim to visit a page that includes the specially crafted CSS, but the exact method is not explicitly detailed in the CVE information.