This vulnerability arises from an inappropriate implementation in the USB handling component of Google Chrome before version 148.0.7778.216. It enables remote code execution when a user visits a maliciously crafted HTML page. The issue is classified with high severity by Chromium security but lacks a CVSS score and explicit remediation level in the provided data. The vendor advisory is available but does not specify patch availability or mitigation steps.

Successful exploitation could allow a remote attacker to execute arbitrary code on the affected system via a crafted HTML page. This could lead to compromise of the user's environment running the vulnerable Chrome version. No known active exploits have been reported, and the impact is limited to affected Chrome desktop versions prior to 148.0.7778.216.

Patch status is not yet confirmed — check the vendor advisory at https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html for current remediation guidance. Users should update to Chrome version 148.0.7778.216 or later once confirmed. Until then, avoid visiting untrusted or suspicious websites that could host crafted HTML pages exploiting this vulnerability.