CVE-2022-1145: 
vulnerability analysis and mitigation

CVE-2022-1145 is a Use-after-free vulnerability discovered in the Extensions component of Google Chrome versions prior to 100.0.4896.60. The vulnerability was reported by Yakun Zhang of Baidu Security on March 9, 2022, and was officially patched in the Chrome stable channel update released on March 29, 2022 (Chrome Release).

The vulnerability is classified as a Use-after-free (CWE-416) issue in the Extensions component of Chrome. It received a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating network accessibility with high attack complexity, no privileges required, and user interaction required (NVD).

The vulnerability could allow an attacker who convinces a user to install a malicious extension to potentially exploit heap corruption through specific user interaction and profile destruction. The high CVSS score indicates potential impacts on confidentiality, integrity, and availability of the affected system (NVD).

The vulnerability was patched in Chrome version 100.0.4896.60. Users and administrators are advised to upgrade to this version or later to mitigate the risk. The fix was also incorporated into other Chromium-based browsers and products, including Microsoft Edge and QtWebEngine (Gentoo Advisory).