CVE-2022-0105: 
vulnerability analysis and mitigation

CVE-2022-0105 is a high-severity use-after-free vulnerability discovered in the PDF Accessibility component of Google Chrome versions prior to 97.0.4692.71. The vulnerability was reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on November 28, 2021, and was publicly disclosed on January 4, 2022 (Chrome Release).

The vulnerability is classified as a use-after-free bug affecting the PDF Accessibility feature in Google Chrome. Use-after-free vulnerabilities occur when a program continues to use a pointer after it has been freed, which can lead to program crashes or potential code execution. The issue was addressed in Chrome version 97.0.4692.71, indicating its severity was sufficient to warrant a rapid security update (CVE Mitre).

A remote attacker could potentially exploit heap corruption via a crafted HTML page targeting the PDF Accessibility feature. This vulnerability could potentially lead to program crashes or arbitrary code execution within the context of the browser (NVD).

The primary mitigation is to update Google Chrome to version 97.0.4692.71 or later. The vulnerability has been fixed in this release and all subsequent versions. Various Linux distributions have also released security updates to address this vulnerability, including Fedora and Debian (Fedora Update).