This vulnerability arises from insufficient enforcement of policies in the ServiceWorker feature of Google Chrome versions before 148.0.7778.179. An attacker can exploit this weakness by crafting a malicious HTML page that causes cross-origin data leakage. The vulnerability was publicly disclosed and assigned a high severity by the Chromium project. However, no CVSS score or detailed remediation information is included in the provided data. The vendor advisory is referenced but patch status is not explicitly stated in the input.

The impact is a potential cross-origin data leak, which could expose sensitive information from other origins to an attacker-controlled page. This compromises the confidentiality of data handled by the browser's ServiceWorker. No information about exploitation in the wild is available, and the extent of data exposure depends on the attacker's ability to deliver the crafted HTML page to the victim.

Patch status is not yet confirmed — check the vendor advisory at https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0841193308.html for current remediation guidance. Until an official fix is confirmed, users should consider updating to the latest Chrome version once available. No vendor advisory content explicitly states that no action is required or that the issue is already mitigated.