CVE-2022-3305: 
Google Chrome vulnerability analysis and mitigation

A high-severity Use-after-free vulnerability (CVE-2022-3305) was discovered in the Survey/Ash component of Google Chrome on ChromeOS prior to version 106.0.5249.62. The vulnerability was reported on April 24, 2022, by Nan Wang (@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute (Chrome Release).

The vulnerability is classified as a Use-after-free (UAF) issue in the Survey/Ash component of ChromeOS. This type of vulnerability occurs when a program continues to use a pointer after it has been freed, which can lead to program crashes or potential code execution. The vulnerability was assigned a High security severity rating by the Chromium team (Chrome Release).

The vulnerability could allow a remote attacker to potentially exploit heap corruption through a specially crafted HTML page. Given its High severity rating, successful exploitation could lead to arbitrary code execution within the context of the browser (NVD).

Google addressed this vulnerability in Chrome version 106.0.5249.62 for ChromeOS. Users are advised to update their Chrome browsers to this version or later to receive the security fix. The fix was included in the stable channel update released on September 27, 2022 (Chrome Release).