CVE-2023-2722: 
vulnerability analysis and mitigation

CVE-2023-2722 is a high-severity vulnerability discovered in Google Chrome's Autofill UI on Android. The vulnerability was reported by Rong Jian of VRI on December 14, 2022, and was fixed in version 113.0.5672.126. This use-after-free vulnerability affects Google Chrome on Android devices running versions prior to 113.0.5672.126 (Chrome Release).

The vulnerability is classified as a Use After Free (UAF) vulnerability in the Autofill UI component of Google Chrome on Android. It has been assigned a CVSS v3.1 base score of 8.8 (HIGH), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability could potentially lead to heap corruption when triggered by a specially crafted HTML page (NVD).

If successfully exploited, this vulnerability could allow a remote attacker to potentially exploit heap corruption through a crafted HTML page. Given the high CVSS score and the potential for heap corruption, successful exploitation could lead to arbitrary code execution, information disclosure, or system compromise (NVD).

The vulnerability has been patched in Chrome version 113.0.5672.126. Users and administrators are strongly advised to upgrade to this version or later. Multiple Linux distributions have also released security updates to address this vulnerability, including Debian (DSA-5404-1), Fedora 37 and 38, and Gentoo (Debian Advisory, Gentoo Advisory).