Impact
Chrome handles media streams by allocating buffers on the heap. The integer overflow occurs during the parsing of certain parameters in a video file, which can corrupt those buffers. If an attacker successfully triggers the overflow, the corrupted heap may lead to arbitrary code execution or denial of service. The weakness is identified as CWE-472: Integer Overflow or Wraparound.
Affected Systems
Google Chrome versions prior to 147.0.7727.55 on all platforms that support media playback are affected. The vulnerability applies to the stable channel of Chrome; no specific version rollbacks or isolated components were listed.
Risk and Exploitability
The CVSS score is not publicly disclosed, and there is no EPSS value available, making it difficult to quantify the likelihood of exploitation. The vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is a remote attacker delivering a specially crafted video file to a victim’s browser, possibly via a malicious website or email attachment. Because the flaw requires a crafted media payload, exploitation may require user interaction or favorable conditions, but the potential for remote code execution warrants immediate attention.