CVE-2022-0789: 
vulnerability analysis and mitigation

A heap buffer overflow vulnerability (CVE-2022-0789) was discovered in the ANGLE (Almost Native Graphics Layer Engine) component of Google Chrome versions prior to 99.0.4844.51. The vulnerability was reported by SeongHwan Park (SeHwa) on January 21, 2022, and was publicly disclosed on March 1, 2022. This security flaw affected Chrome browsers across Windows, Mac, and Linux platforms (Chrome Release).

The vulnerability is classified as a high-severity heap buffer overflow in ANGLE, which could allow attackers to potentially exploit heap corruption through a specially crafted HTML page. Google assigned a bounty of $10,000 for this vulnerability discovery, indicating its significant impact. The vulnerability was tracked internally as bug 1289383 (Chrome Release).

The vulnerability could potentially lead to heap corruption if successfully exploited, which might result in arbitrary code execution or program crashes. The high severity rating and substantial bug bounty amount suggest significant potential impact on affected systems (NVD).

Google addressed this vulnerability in Chrome version 99.0.4844.51. Users and administrators are advised to upgrade to this version or later to mitigate the risk. The fix was part of a larger security update that addressed multiple vulnerabilities (Chrome Release, Gentoo Security).