CVE-2022-3655: 
vulnerability analysis and mitigation

A heap buffer overflow vulnerability (CVE-2022-3655) was discovered in the Media Galleries component of Google Chrome versions prior to 107.0.5304.62. The vulnerability was reported on July 11, 2022, by security researchers koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute. This security flaw affects Chrome browsers across Windows, Mac, and Linux operating systems (Chrome Release).

The vulnerability is classified as a heap buffer overflow in the Media Galleries component of Google Chrome. The severity was assessed as Medium according to Chromium's security severity ratings. The vulnerability could be exploited through a crafted HTML page when a user is convinced to install a malicious extension, potentially leading to heap corruption (CVE Mitre).

If successfully exploited, this vulnerability could allow an attacker to potentially corrupt heap memory through a malicious extension installation combined with a crafted HTML page. The impact was significant enough for Google to award a $7,000 bounty to the researchers who discovered it (Chrome Release).

Google addressed this vulnerability in Chrome version 107.0.5304.62 and later versions. Users are advised to update their Chrome browsers to the latest version to receive the security fix. The fix was rolled out for Windows, Mac, and Linux platforms (Chrome Release).