Impact
An inappropriate implementation in the ANGLE rendering component of Google Chrome prior to 148.0.7778.216 permits a maliciously crafted HTML page to trigger an out-of-bounds memory access. The flaw could allow a remote attacker to read or write arbitrary memory locations, potentially leading to information disclosure or execution of arbitrary code if the memory corruption can be exploited further. The weakness corresponds to a classic buffer over-read or out-of-bounds access (CWE-127) and a potential buffer overflow (CWE-805).
Affected Systems
Google Chrome browsers with versions earlier than 148.0.7778.216 are affected. The vulnerability is contained within the ANGLE component that interfaces with graphics hardware. No other vendors or products are currently listed as impacted.
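As an added example (not part of the advisory or of any vendor tooling), the following Python triages a software inventory against the fixed version 148.0.7778.216 stated above. The `host,version string` input format and the host names are constructed assumptions; the version strings follow the `Google Chrome <version>` form printed by `google-chrome --version`.

```python
import re

# Fixed version taken from the advisory text; anything below it is affected.
FIXED = (148, 0, 7778, 216)

# Four-part version as reported in "Google Chrome 148.0.7778.216".
VERSION_RE = re.compile(r"Google Chrome\s+(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the four-part Chrome version as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text):
    """Return 'affected', 'patched' or 'unknown' for one reported version string."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # unparsable or not Google Chrome: review by hand
    # Tuple comparison is numeric per component; comparing the raw strings
    # would rank "148.0.7778.99" above "148.0.7778.216".
    return "affected" if version < FIXED else "patched"


def triage(inventory_lines):
    """Map host -> status for 'host,version string' inventory lines."""
    results = {}
    for line in inventory_lines:
        host, _, reported = line.partition(",")
        results[host.strip()] = classify(reported)
    return results


# Constructed sample inventory (hypothetical hosts and versions, not real data).
SAMPLE = [
    "ws-001,Google Chrome 148.0.7778.216",
    "ws-002,Google Chrome 148.0.7778.99",
    "ws-003,Google Chrome 147.0.7700.10 beta",
    "ws-004,Google Chrome 149.0.7800.5",
    "ws-005,version query failed",
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` should be checked manually rather than assumed patched.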
Risk and Exploitability
No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog, indicating no widely known or actively used exploits at this time. The likely attack vector is a remote web page rendered by the victim's browser: the attacker needs the victim to visit a maliciously crafted page, which may be delivered through email, phishing, or compromised websites. Because the flaw is an out-of-bounds memory access, successful exploitation requires the attacker to drive the browser through a memory-corruption sequence, which may be complex but is feasible with sufficient engineering effort. The CVSS score of 8.8 indicates high severity, and Chromium also rates the severity as high, so successful exploitation could have a catastrophic impact on user confidentiality, integrity, or availability of the affected system.
OpenCVE Enrichment