Impact
A type confusion flaw in the Accessibility component of Google Chrome on Windows permits a remote attacker who has already gained control of a renderer process to escape the browser’s sandbox. By serving a specially crafted HTML page, the attacker can trigger the vulnerability, potentially achieving execution of arbitrary code with system privileges. This weakness is classified as type confusion (CWE‑843).
Affected Systems
Google Chrome on Windows, on the desktop stable channel, is vulnerable in every installation that has not yet been updated to version 148.0.7778.96 or newer. The issue applies to any installation that has not received the latest Chrome release.
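A quick way to check a Windows host against the fixed version above. This is an added example, not part of the advisory or of Chrome's own tooling. It assumes Chrome is in one of the standard install locations or registered under the App Paths registry key, and it treats a `new_chrome.exe` next to `chrome.exe` as a sign that an update is staged and waiting for a browser relaunch.

```powershell
# Added example: compare installed Chrome builds with the fixed version.
$Fixed = [version]'148.0.7778.96'   # fixed version stated in this advisory

# Standard install locations (system-wide 64-bit, 32-bit, and per-user).
$candidates = @(
    "$env:ProgramFiles\Google\Chrome\Application\chrome.exe",
    "${env:ProgramFiles(x86)}\Google\Chrome\Application\chrome.exe",
    "$env:LOCALAPPDATA\Google\Chrome\Application\chrome.exe"
)

# Also follow the App Paths registration, which covers non-default locations.
foreach ($hive in 'HKLM:', 'HKCU:') {
    $key  = "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe"
    $prop = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($prop -and $prop.'(default)') { $candidates += $prop.'(default)' }
}

$results = foreach ($path in ($candidates | Sort-Object -Unique)) {
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }

    $raw    = (Get-Item -LiteralPath $path).VersionInfo.ProductVersion
    $parsed = $null
    if ([version]::TryParse($raw, [ref]$parsed)) {
        $status = if ($parsed -lt $Fixed) { 'VULNERABLE' } else { 'Patched' }
    } else {
        $status = 'Unknown'   # version string could not be parsed; check by hand
    }

    # A staged update is only applied once the browser is relaunched.
    $staged = Join-Path (Split-Path -Parent $path) 'new_chrome.exe'

    [pscustomobject]@{
        Path          = $path
        Version       = $raw
        Status        = $status
        UpdatePending = Test-Path -LiteralPath $staged
    }
}

if ($results) { $results | Format-Table -AutoSize }
else          { Write-Output 'No Chrome installation found in the checked locations.' }
```

A host reported as `VULNERABLE` with `UpdatePending` set to `True` still runs the old build until every Chrome window is closed and the browser is started again.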
Risk and Exploitability
The flaw carries a CVSS score of 8.3, indicating high severity according to Chromium's internal scoring. No EPSS value is available and the vulnerability is not listed in the CISA KEV catalog, indicating no known widespread exploitation. Successful exploitation requires that the attacker first compromise the renderer process. The most likely attack path is a malicious web page delivered through phishing or a drive-by attack; this is inferred from the requirement to serve a crafted HTML page. Once the renderer is compromised, the type confusion can be leveraged to escape the sandbox and execute code with elevated privileges on the host system.