This vulnerability involves a heap buffer overflow in the Codecs module of Google Chrome on Linux and ChromeOS platforms before version 149.0.7827.115. The flaw allows a remote attacker, with control over the renderer process, to potentially perform a sandbox escape by delivering a specially crafted HTML page. The sandbox escape could lead to further compromise beyond the renderer process. The vendor advisory link is provided but does not explicitly confirm patch availability or remediation status in the input data.

Successful exploitation could allow an attacker who has compromised the renderer process to escape the sandbox, potentially leading to elevated privileges or broader system compromise on affected Linux and ChromeOS devices running vulnerable Chrome versions.

Patch status is not yet confirmed — check the vendor advisory at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01962725236.html for current remediation guidance. Until official fixes are confirmed and applied, avoid untrusted content that could trigger the vulnerability and consider limiting renderer process exposure.