CVE-2022-0972: 
vulnerability analysis and mitigation

A Use-after-free vulnerability (CVE-2022-0972) was discovered in the Extensions component of Google Chrome versions prior to 99.0.4844.74. The vulnerability was reported by Sergei Glazunov of Google Project Zero on February 28, 2022, and was patched in the March 15, 2022 stable channel update (Chrome Release).

The vulnerability is classified as a Use-after-free (CWE-416) issue in the Extensions component of Google Chrome. It received a CVSS v3.1 base score of 8.8 (HIGH) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating high severity with potential for remote exploitation (NVD).

If successfully exploited, this vulnerability could allow an attacker to potentially exploit heap corruption via a crafted HTML page after convincing a user to install a malicious extension. The high CVSS score indicates potential for significant impact on confidentiality, integrity, and availability of the affected system (NVD).

The vulnerability was fixed in Google Chrome version 99.0.4844.74. Users and administrators should upgrade to this version or later to mitigate the risk. The fix was also incorporated into various downstream distributions, including Debian and Gentoo (Gentoo Advisory).