CVE-2022-1492: 
vulnerability analysis and mitigation

Insufficient data validation in Blink Editing in Google Chrome prior to version 101.0.4951.41 was identified as CVE-2022-1492. The vulnerability allowed remote attackers to inject arbitrary scripts or HTML through crafted HTML pages. This security issue was discovered by Michał Bentkowski of Securitum and was disclosed on April 11, 2022 (Chrome Release).

The vulnerability is classified as a Medium severity issue with a CVSS v3.1 Base Score of 6.1. It is categorized as CWE-79 (Improper Neutralization of Input During Web Page Generation - Cross-site Scripting) and affects the Blink Editing component of Google Chrome (NVD).

The vulnerability could allow attackers to inject malicious scripts or HTML content into the browser, potentially leading to cross-site scripting attacks. This could result in unauthorized access to sensitive information or execution of arbitrary code in the context of the affected browser (NVD).

The vulnerability was patched in Google Chrome version 101.0.4951.41. Users are advised to update their Chrome browsers to this version or later to mitigate the risk. The fix was included in the stable channel update for Windows, Mac, and Linux platforms (Chrome Release).