CVE-2022-1133: 
vulnerability analysis and mitigation

CVE-2022-1133 is a Use-after-free vulnerability discovered in WebRTC Perf component of Google Chrome versions prior to 100.0.4896.60. The vulnerability was reported by an anonymous researcher on March 13, 2022, and was patched in the Chrome 100 stable release (Chrome Release).

The vulnerability is classified as a Use-after-free (CWE-416) issue in the WebRTC Perf component. It received a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates that the vulnerability is network-exploitable, requires low attack complexity, needs no privileges, but does require user interaction (NVD).

The vulnerability could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. Given the high CVSS score and impact ratings for confidentiality, integrity, and availability, successful exploitation could lead to significant system compromise (NVD).

The vulnerability was fixed in Google Chrome version 100.0.4896.60. Users and organizations are advised to update to this version or later to mitigate the risk. The fix was also incorporated into various downstream distributions including Debian and Gentoo (Gentoo Advisory).