An inappropriate implementation in the ANGLE rendering component of Google Chrome prior to 148.0.7778.216 permits a maliciously crafted HTML page to trigger an out-of-bounds memory access. The flaw could allow a remote attacker to read or write arbitrary memory locations, potentially leading to information disclosure or execution of arbitrary code if the memory corruption can be exploited further. The weakness corresponds to a classic buffer over-read or out-of-bounds access, a potential buffer overflow (CWE‑805), and an out-of-bounds read of a freed buffer (CWE‑125).

Google Chrome browsers with versions earlier than 148.0.7778.216 are affected. The vulnerability is contained within the ANGLE component that interfaces with graphics hardware. No other vendors or products are currently listed as impacted.

The EPSS score indicates a very low probability of exploitation (< 1%) and the vulnerability is not listed in the CISA KEV catalog, suggesting no widely known or actively used exploits at this time. The likely attack vector is a remote web page that a victim’s browser renders; an attacker would need a victim to visit a maliciously crafted page, which may be delivered through email, phishing, or compromised websites. Because the flaw involves out-of-bounds memory access, successful exploitation would require the attacker to cause the browser to execute a memory corruption sequence, which may be complex but is feasible with sufficient engineering effort. The CVSS score of 4.3 indicates moderate severity, though the Chromium security severity remains High, underscoring that any successful exploitation could impact confidentiality, integrity, or availability of the affected system.