CVE-2022-1640: 
vulnerability analysis and mitigation

Use after free vulnerability (CVE-2022-1640) was discovered in the Sharing feature of Google Chrome versions prior to 101.0.4951.64. The vulnerability allowed remote attackers to potentially exploit heap corruption through a crafted HTML page, provided they could convince users to engage in specific UI interactions (Chrome Release, NVD).

The vulnerability is classified as a Use-after-free (UAF) issue specifically affecting the Sharing component in Google Chrome. It was reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on April 28, 2022. The issue was deemed significant enough to warrant a security fix in the stable channel update to version 101.0.4951.64 (Chrome Release).

If successfully exploited, this vulnerability could lead to heap corruption through a specially crafted HTML page, potentially resulting in arbitrary code execution within the context of the browser (NVD).

The vulnerability was patched in Chrome version 101.0.4951.64. Users and administrators are advised to upgrade to this version or later to mitigate the risk. The fix was also incorporated into various Chrome-based browsers and operating system distributions (Chrome Release, Gentoo Security).