CVE-2022-0974: 
vulnerability analysis and mitigation

CVE-2022-0974 is a Use-after-free vulnerability discovered in the Splitscreen feature of Google Chrome on Chrome OS. The vulnerability affected versions prior to 99.0.4844.74 and was reported by @ginggilBesel on January 28, 2022. The vulnerability was officially disclosed and patched in March 2022 (Chrome Release).

The vulnerability is classified as a high-severity Use-after-free (UAF) issue specifically affecting the Splitscreen functionality in Chrome OS. The bug was assigned a bounty of $7,000, indicating its significant security impact. The vulnerability could be triggered through specific user interactions with a crafted HTML page (NVD).

The vulnerability could potentially allow a remote attacker to exploit heap corruption if they successfully convinced a user to engage in specific interactions with a maliciously crafted HTML page. This could lead to program crashes or potential code execution (NVD).

Google addressed this vulnerability in Chrome OS version 99.0.4844.74. Users and administrators are advised to update to this version or later to mitigate the risk. The fix was included in the March 15, 2022 stable channel update (Chrome Release).