Sandbox escape race condition in Google Chrome Payments

Successful exploitation could allow a remote attacker to escape the Chrome sandbox from malicious web content. In practical terms, this can enable compromise beyond the renderer or web-content isolation boundary and may facilitate broader impact on the host browser process or underlying system, subject to exploit reliability and chaining requirements. The provided content does not specify confirmed in-the-wild exploitation or post-escape privileges.

If immediate patching is not possible, reduce exposure by limiting use of untrusted websites and web content until the update is applied. Enterprise administrators should expedite Chrome updates and verify browser restarts so the patched version is active. Because this issue is triggered through crafted HTML content, restricting browsing to trusted sites and using layered endpoint controls may reduce risk, but these measures are not substitutes for patching.

Update Google Chrome to version 148.0.7778.168 or later. The provided content indicates that versions prior to 148.0.7778.168 are affected and that Google released a stable-channel security update addressing this issue. Standard remediation is to deploy the vendor patch across Windows, macOS, and Linux installations as applicable and relaunch the browser to complete the update.