CVE-2022-1869: 
vulnerability analysis and mitigation

Type Confusion in V8 in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. The vulnerability was discovered and reported by Man Yue Mo of GitHub Security Lab on March 23, 2022, and was fixed in Chrome version 102.0.5005.61 released on May 24, 2022 (Chrome Release, GitHub Lab).

The vulnerability is a type confusion issue in V8, Chrome's JavaScript engine, specifically in the handling of accessor in ReduceNamedAccess. The bug occurs when a lookupstartobject that passes the LookupHolderOfExpectedType test is provided along with a receiver of a different type, leading to type confusion. The issue manifests in the AccessorAccessInfoHelper where map compatibility is checked between the API call and the map (GitHub Lab).

This vulnerability could be exploited to achieve Remote Code Execution (RCE) within the Chrome renderer sandbox by simply visiting a malicious website. The CVSS base score for this vulnerability is 6.5 (Medium), with high confidentiality impact but no integrity or availability impact (Ubuntu).

The vulnerability was patched in Chrome version 102.0.5005.61. Users and administrators should ensure their Chrome installations are updated to this version or later. The fix was also backported to various Linux distributions including Ubuntu 18.04 LTS where it was fixed in version 103.0.5060.134-0ubuntu0.18.04.1 (Ubuntu).