CVE-2022-0798: 
vulnerability analysis and mitigation

Use after free vulnerability in MediaStream component of Google Chrome versions prior to 99.0.4844.51 was discovered. The vulnerability, identified as CVE-2022-0798, was reported by Samet Bekmezci on December 30, 2021, and officially disclosed on March 1, 2022. This security flaw affected Chrome browsers across Windows, Mac, and Linux platforms (Chrome Release, NVD).

The vulnerability is classified as a Use-After-Free (UAF) flaw in the MediaStream component of Chrome. The issue could be exploited through a crafted Chrome Extension, potentially leading to heap corruption. Google rated this as a Medium severity vulnerability and awarded a $15,000 bounty to the researcher who discovered it (Chrome Release).

If successfully exploited, an attacker who convinced a user to install a malicious extension could potentially exploit heap corruption via a crafted Chrome Extension. This could lead to program crashes or potentially arbitrary code execution (NVD).

Google addressed this vulnerability in Chrome version 99.0.4844.51. Users and organizations are advised to update to this version or later to protect against this security flaw. The fix was included in a security update that addressed multiple vulnerabilities (Chrome Release).