CVE-2022-1859: 
vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2022-1859) was discovered in the Performance Manager component of Google Chrome versions prior to 102.0.5005.61. The vulnerability was reported by Guannan Wang of Tencent Security Xuanwu Lab on May 5, 2022, and was patched in the stable channel update released on May 24, 2022 (Chrome Release).

The vulnerability is classified as a high-severity issue with a CVSS v3.1 base score of 8.8. The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating network attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, and high impact on confidentiality, integrity, and availability (NVD).

If successfully exploited, this vulnerability could allow a remote attacker to potentially exploit heap corruption through a crafted HTML page, leading to arbitrary code execution. The vulnerability affects the confidentiality, integrity, and availability of the system with high impact ratings for all three aspects (Ubuntu).

The vulnerability was fixed in Google Chrome version 102.0.5005.61. Users and administrators should upgrade to this version or later to mitigate the risk. The fix was also incorporated into various Linux distributions, including Ubuntu 18.04 LTS (version 103.0.5060.134-0ubuntu0.18.04.1) and Debian (Gentoo Advisory).