CVE-2022-3312: 
Google Chrome vulnerability analysis and mitigation

CVE-2022-3312 is a security vulnerability discovered in Google Chrome's VPN functionality on ChromeOS prior to version 106.0.5249.62. The vulnerability was reported by Andr.Ess on March 6, 2022, and was officially disclosed in September 2022. The issue stems from insufficient validation of untrusted input in the VPN component, which could allow a local attacker with physical access to bypass managed device restrictions (Chrome Release, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 4.6 (Medium severity) with the following vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N. This indicates that the vulnerability requires physical access (AV:P), has low attack complexity (AC:L), requires no privileges (PR:N), needs no user interaction (UI:N), has unchanged scope (S:U), results in no impact to confidentiality (C:N), high impact to integrity (I:H), and no impact to availability (A:N). The vulnerability is classified under CWE-306 (Missing Authentication for Critical Function) (NVD).

The vulnerability allows a local attacker with physical access to the device to bypass managed device restrictions. This could potentially compromise the security controls put in place by device administrators, affecting the integrity of ChromeOS's security model (NVD).

Google addressed this vulnerability in ChromeOS version 106.0.5249.62. Users and administrators are advised to update their ChromeOS devices to this version or later to mitigate the risk (Chrome Release).