CVE-2022-0099: 
vulnerability analysis and mitigation

CVE-2022-0099 is a high-severity vulnerability affecting Google Chrome versions prior to 97.0.4692.71. The vulnerability was discovered by a researcher known as Rox and reported on September 1, 2021. It was officially disclosed on January 4, 2022, as part of Chrome's stable channel update (Chrome Release).

The vulnerability is classified as a Use-after-free vulnerability in the Sign-in component of Google Chrome. Use-after-free vulnerabilities occur when a program continues to use a pointer after it has been freed, which can lead to program crashes or potential code execution. Google assigned this vulnerability a High severity rating and awarded a $5,000 bounty to the researcher (Chrome Release).

The vulnerability allows a remote attacker who convinces a user to perform specific user gestures to potentially exploit heap corruption via specific user gesture. This could potentially lead to arbitrary code execution within the context of the browser (Debian Tracker).

The vulnerability was patched in Chrome version 97.0.4692.71. Users and administrators are advised to update to this version or later to mitigate the risk. The fix was also backported to various Linux distributions including Fedora and Debian (Fedora Update).