CVE-2022-1866: 
Google Chrome vulnerability analysis and mitigation

Use after free in Tablet Mode in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific user interactions. The vulnerability was assigned CVE-2022-1866 and was reported by @ginggilBesel on January 29, 2022 (Chrome Release).

The vulnerability is classified as a Use-After-Free (UAF) issue in the Tablet Mode component of Chrome OS. It has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is tracked under CWE-416 (Use After Free) (NVD).

If successfully exploited, this vulnerability could lead to heap corruption through specific user interactions, potentially resulting in high impacts on confidentiality, integrity, and availability of the affected system (Ubuntu).

The vulnerability was fixed in Google Chrome version 102.0.5005.61 for Chrome OS. Users should update their Chrome OS installations to this version or later to mitigate the vulnerability (Chrome Release).

The vulnerability was rated as Medium severity by the Chrome team and was awarded a $3,000 bug bounty to the researcher @ginggilBesel who reported it (Chrome Release).