CVE-2022-0464: 
vulnerability analysis and mitigation

A Use-after-free vulnerability in the Accessibility component of Google Chrome (CVE-2022-0464) was discovered prior to version 98.0.4758.80. The vulnerability was reported by Zhihua Yao of KunLun Lab on November 14, 2021, and was officially disclosed on February 1, 2022. This security flaw affected Chrome browsers across Windows, Mac, and Linux operating systems (Chrome Release, NVD).

The vulnerability is classified as a Use-after-free (UAF) issue specifically affecting the Accessibility component of Chrome. It was assigned a Medium severity rating, and Google awarded a $1,000 bounty for its discovery. The flaw could potentially lead to heap corruption when triggered through specific user interactions (Chrome Release).

When successfully exploited, this vulnerability could allow a remote attacker to potentially trigger heap corruption, but only after convincing a user to engage in specific interactions. The impact was significant enough to warrant inclusion in Chrome's security update, though it was rated as Medium severity (NVD).

Google addressed this vulnerability in Chrome version 98.0.4758.80. Users were advised to update their Chrome browsers to this version or later to receive the security fix. The update was rolled out for Windows, Mac, and Linux platforms (Chrome Release).