CVE-2022-2008: 
vulnerability analysis and mitigation

Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page (CVE Mitre, NVD). The vulnerability was discovered and reported on April 19, 2022, and was addressed in the Chrome stable channel update released on June 9, 2022.

The vulnerability is classified as a double free memory corruption issue specifically affecting the WebGL component in Google Chrome. This type of vulnerability occurs when the same memory block is erroneously freed twice, potentially leading to heap corruption. The issue was assigned a High severity rating and was tracked under Chrome bug ID 1317673 (Chrome Release).

The vulnerability could allow a remote attacker to potentially exploit heap corruption through a specially crafted HTML page. This type of memory corruption vulnerability could potentially lead to arbitrary code execution within the context of the browser (NVD).

The vulnerability was patched in Google Chrome version 102.0.5005.115. Users are advised to update to this version or later to mitigate the risk. The fix was also incorporated into various Linux distributions including Debian, Ubuntu, and Fedora through their respective security updates (Debian Tracker).