CVE-2022-2609: 
Google Chrome vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2022-2609) was discovered in the Nearby Share feature of Google Chrome on Chrome OS versions prior to 104.0.5112.79. The vulnerability was reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on June 22, 2022 (Chrome Release). This security flaw affects Chrome OS systems running versions before the patched release.

The vulnerability is classified as High severity with a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD). The issue stems from a use-after-free condition in the Nearby Share functionality, which could potentially lead to heap corruption when triggered through specific user interface interactions.

If successfully exploited, this vulnerability could allow a remote attacker to potentially execute arbitrary code within the context of the browser, leading to heap corruption. The attack requires user interaction, as the attacker needs to convince the user to engage in specific UI interactions (NVD).

Google addressed this vulnerability in Chrome OS version 104.0.5112.79. Users are advised to update their Chrome OS installations to this version or later. The fix was also included in subsequent security updates for various distributions including Fedora and Gentoo (Gentoo Advisory, Fedora Update).