CVE-2022-2612: 
vulnerability analysis and mitigation

Side-channel information leakage vulnerability (CVE-2022-2612) was discovered in Google Chrome's keyboard input functionality affecting versions prior to 104.0.5112.79. The vulnerability was reported on April 30, 2022, by Erik Kraft and Martin Schwarzl, and was patched in August 2022 (Chrome Release).

The vulnerability is classified as a medium severity issue with a CVSS v3.1 base score of 6.5 (MEDIUM). The attack vector is network-based (AV:N), with low attack complexity (AC:L), requiring no privileges (PR:N) but user interaction (UI:R). The scope is unchanged (S:U), with high confidentiality impact (C:H) but no impact on integrity (I:N) or availability (A:N) (NVD).

This vulnerability allows a remote attacker who has compromised the renderer process to obtain potentially sensitive information from process memory through a crafted HTML page. The attack specifically targets keyboard input processing, potentially exposing sensitive user data (NVD).

Google addressed this vulnerability in Chrome version 104.0.5112.79. Users and administrators are advised to upgrade to this version or later. The fix was also incorporated into various Linux distributions including Debian, Fedora, and Gentoo through their respective security updates (Gentoo Advisory, Fedora Update).