A flaw in V8 permits a remote attacker, via a crafted HTML page, to read memory locations beyond those intended for a script. The vulnerability can expose confidential data but does not lead directly to code execution. The flaw is classified as a medium‑severity issue in Chromium's own grading but receives a high CVSS score of 8.8. The likely attack vector is remote, requiring a victim to open or interact with a malicious web page. Evidently, the vulnerability does not require elevated privileges or other local conditions, making it accessible from any user session in the affected browser.

Google Chrome versions up to and including 146.0.7680.71 are affected. The vulnerability applies universally across Windows, macOS, Linux, and other platforms that ship the recognized Chrome builds, as Chrome’s V8 engine is cross‑platform. All users running these versions are potentially vulnerable until an update mitigates the issue.

The CVSS base score of 8.8 reflects significant potential damage from the out‑of‑bounds read, yet the EPSS score of less than 1% indicates a very low probability of exploitation in the near term. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog, suggesting no widespread active exploitation has been reported. Attackers can exploit the flaw by simply navigating to a malicious site; no additional conditions are needed. The combination of high impact with low exploitability moderates overall risk, but the severity warrants precautionary action.