This vulnerability (CWE-416) involves a use-after-free condition in the codecs subsystem of Google Chrome before version 147.0.7727.101. Exploitation requires user interaction (UI required) and can be triggered remotely via a crafted HTML page, potentially leading to arbitrary code execution within the sandbox environment. The CVSS vector indicates network attack vector, low attack complexity, no privileges required, and high impact on confidentiality, integrity, and availability. The vendor advisory is available but does not explicitly state if a patch has been released.

Successful exploitation could allow a remote attacker to execute arbitrary code inside the Chrome sandbox, potentially compromising browser security and user data confidentiality, integrity, and availability. The high CVSS score reflects the critical nature of the impact, although exploitation requires user interaction. No known active exploits have been reported.

Patch status is not yet confirmed — check the vendor advisory at https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html for current remediation guidance. Until official confirmation of a fix, users should exercise caution when browsing untrusted websites and avoid interacting with suspicious content. Monitor the vendor advisory for updates on patch availability.