Impact
Google Chrome contains a flaw in its media handling code: data from video files is not adequately validated. When the browser processes a specially crafted video file, it can read memory locations beyond the intended bounds, exposing data that may include sensitive information or library addresses. This vulnerability is classified as a memory safety issue (CWE‑125) and can be leveraged by an attacker to gain a foothold within the browser process.
Affected Systems
Vulnerable versions are all releases of Google Chrome older than 147.0.7727.55 running on Windows, macOS, or Linux. The CPE entries confirm that the issue affects the Chrome browser across all supported operating systems, meaning every user of an out‑of‑date installation is potentially exposed regardless of the platform.
Risk and Exploitability
The CVSS score of 8.1 indicates a high impact potential if the out‑of‑bounds read reveals critical data. However, the EPSS score is currently below 1%, suggesting that active exploitation in the wild is unlikely at this time. The vulnerability is not listed in CISA’s KEV catalog. Attackers must supply a malicious media file to a user running the affected browser; thus the likely attack vector is local or requires user interaction. With only a memory read, exploitation complexity is moderate, and additional conditions would be needed to achieve a full compromise.