A use‑after‑free flaw in Google Chrome’s GPU subsystem allows a renderer process that has already been compromised to perform an out‑of‑bounds memory write when it renders a specially crafted HTML page. The invalid access corrupts the renderer’s address space, which can lead to a crash or provide an avenue for arbitrary code execution if the corrupted memory is leveraged. The flaw corresponds to CWE‑416 (use‑after‑free) and CWE‑825 (out‑of‑bounds write). Based on the description, it is inferred that the attacker can trigger the flaw by delivering malicious content that the compromised renderer will process, potentially turning a memory corruption into a full compromise of the host system.

Google Chrome versions older than 148.0.7778.168 on all desktop platforms use the Chromium GPU stack and are affected by this vulnerability. Chrome updates newer than that release include the necessary fix. All derivatives that embed this GPU code path fall within the same scope.

The EPSS score is not available and the vulnerability is not listed in CISA’s KEV catalog, so quantifying exploitation likelihood is difficult. The CVSS score of 3.1 indicates low overall severity. Exploitation requires an attacker to have already compromised the renderer process and then deliver a crafted page that triggers the GPU code path. Because the flaw writes beyond the bounds of a freed object, a successful exploit could corrupt memory, leading to a denial of service or potentially arbitrary code execution. Based on the description, the likely attack vector is remote via a malicious webpage served to the compromised renderer.