A flaw in the V8 JavaScript engine implementation in Google Chrome allows a maliciously crafted HTML page to trigger an out-of-bounds memory access. This vulnerability can lead to memory corruption or, at worst, remote code execution if the attacker is able to influence the execution context. The weakness is identified as CWE‑284, representing an insufficient permission checking issue that enables the attacker to exploit the vulnerability with elevated privileges in the browser process.

Google Chrome versions prior to 145.0.7632.159 on all major operating systems are affected, including Windows, macOS, and Linux distributions. The problem resides in the V8 engine used by the browser, affecting any system that runs the vulnerable Chromium build.

The vulnerability carries a CVSS score of 8.8, indicating high severity. Its EPSS score is below 1%, suggesting a low but non-zero probability of exploitation at the time of analysis, and it is not currently listed in CISA's KEV catalog. The likely attack vector involves a remote user tricking a victim into opening a malicious web page that exploits the V8 engine; the exploitation requires the victim to have Chrome installed and to visit the malformed page. Given these conditions, the risk is notable but primarily depends on user interaction and the prevalence of the vulnerability in the installed Chrome version.