Impact
A use-after-free flaw in the PrivateAI component of Google Chrome allows a remote attacker to potentially escape the renderer sandbox by delivering a specially crafted HTML page that prompts the user to perform particular UI gestures. If the vulnerability is triggered, the attacker could obtain the privileges of the Chrome process and potentially execute arbitrary code with the same rights as the user. This weakness is a classic memory corruption issue that permits unauthorized memory access and control flow hijacking.
Affected Systems
Google Chrome versions prior to 147.0.7727.55 on Windows, macOS, and Linux are affected. The flaw is present in all desktop editions of the browser and resides in the PrivateAI functionality shared across these operating systems.
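A quick way to check an installed build against the fixed version above, as an added example that is not part of the advisory or of OpenCVE's tooling: it assumes the version string comes from the browser's `--version` output (e.g. "Google Chrome 146.0.7000.10") and compares it component by component, which a plain string comparison gets wrong.

```python
import re

# Fixed version from the advisory; builds earlier than this are affected.
FIXED_VERSION = "147.0.7727.55"


def parse_version(version: str) -> tuple[int, ...]:
    """Turn a dotted Chrome version like '146.0.7000.10' into an int tuple.

    Integer tuples compare component by component, unlike plain strings,
    where '147.0.7727.6' would wrongly sort before '147.0.7727.55'.
    """
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected Chrome version format: {version!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True if the installed build predates the fixed release."""
    return parse_version(version) < parse_version(fixed)


# Assumed shape of the line printed by `google-chrome --version` (Linux),
# the macOS app binary with --version, or chrome.exe --version on Windows,
# e.g. "Google Chrome 146.0.7000.10" or "Chromium 146.0.7000.10".
_VERSION_LINE = re.compile(r"(?:Google Chrome|Chromium)\s+(\d+\.\d+\.\d+\.\d+)")


def version_from_cli_output(output: str) -> str:
    """Extract the dotted version from the browser's --version output."""
    m = _VERSION_LINE.search(output)
    if m is None:
        raise ValueError(f"no Chrome version found in {output!r}")
    return m.group(1)


if __name__ == "__main__":
    # Constructed sample output, standing in for running the browser binary.
    sample = "Google Chrome 146.0.7000.10 \n"
    v = version_from_cli_output(sample)
    print(f"Chrome {v}: {'AFFECTED' if is_affected(v) else 'patched'}")
```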
Risk and Exploitability
With a CVSS score of 9.6, the bug represents a very high risk if exploited. The exploit probability is currently very low (EPSS < 1 %) and the vulnerability is not listed in the KEV catalog, indicating no known exploitation in the wild. However, because the required user interaction is triggered through a crafted web page, social engineering is a viable delivery path. Since a successful sandbox escape can lead to full system compromise, the risk remains significant if a determined adversary can deliver the malicious page and persuade a user to perform the required gestures.
OpenCVE Enrichment