This vulnerability arises from an inappropriate implementation in the Speech feature of Google Chrome versions before 148.0.7778.96. It enables a remote attacker to conduct UI spoofing attacks by delivering a specially crafted HTML page. UI spoofing can mislead users by presenting deceptive interface elements, potentially facilitating phishing or other social engineering attacks. The vulnerability is recognized by Chromium security with a medium severity rating. No CVSS score or detailed technical exploitation information is available. The vendor advisory is referenced but does not explicitly state patch availability in the provided data.

The impact is limited to UI spoofing, which can deceive users into interacting with malicious or misleading interface elements. This could lead to user confusion or trick users into performing unintended actions. There is no indication of code execution, privilege escalation, or data leakage from the provided information. No known active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory at https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html for current remediation guidance. Users and administrators should monitor official Google Chrome release notes and update to version 148.0.7778.96 or later once confirmed. Until then, be cautious with untrusted HTML content that could exploit UI spoofing vulnerabilities.