This vulnerability involves a race condition in the Shared Storage implementation of Google Chrome before version 148.0.7778.96. An attacker with control over the renderer process can exploit this flaw to leak data across origins, violating same-origin policy protections. The issue requires prior compromise of the renderer process and is exploitable via crafted HTML content. The Chromium security team has assigned a medium severity level to this vulnerability. No detailed patch or remediation information is provided in the available advisory.

If exploited, this vulnerability can lead to unauthorized disclosure of cross-origin data within the browser, potentially exposing sensitive information from other web origins. However, exploitation requires that the attacker already controls the renderer process, which limits the scope of impact to scenarios where such compromise is possible. There are no known exploits in the wild at this time.

Patch status is not yet confirmed — check the vendor advisory at https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html for current remediation guidance. Users should update to Chrome version 148.0.7778.96 or later once available. Until then, limiting exposure to untrusted content and maintaining general browser security best practices is advisable.