CVE-2022-2604: 
vulnerability analysis and mitigation

A Use-after-free vulnerability (CVE-2022-2604) was discovered in the Safe Browsing component of Google Chrome versions prior to 104.0.5112.79. This security flaw allowed remote attackers to potentially exploit heap corruption through specially crafted HTML pages (Chrome Blog, NVD).

The vulnerability is classified as a Use-after-free (CWE-416) issue in Chrome's Safe Browsing feature. It received a CVSS v3.1 base score of 8.8 (HIGH), with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability was reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on June 10, 2022, and was awarded a $10,000 bug bounty (Chrome Blog, NVD).

The vulnerability could lead to heap corruption when exploited successfully, potentially allowing attackers to execute arbitrary code within the context of the browser. The high CVSS score indicates severe potential impacts on confidentiality, integrity, and availability of the affected system (NVD).

Google released a patch in Chrome version 104.0.5112.79 to address this vulnerability. Users and administrators are advised to upgrade to this version or later. The fix was also distributed to various Linux distributions including Fedora, Gentoo, and Debian (Chrome Blog, Gentoo Advisory).